e98dc286927477340e6fc651b7cab2bcbf9cb895f952e01924eb91005fb5fa29

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 03:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15da459ab7e98aa06d63c6886519afb4_JaffaCakes118.html
Size

139KB
MD5

15da459ab7e98aa06d63c6886519afb4
SHA1

a4621b1bc4b5f849876b6e40cdab885ecce6faa5
SHA256

e98dc286927477340e6fc651b7cab2bcbf9cb895f952e01924eb91005fb5fa29
SHA512

b4dab470469ea32bfa805b7fc37f7ecafe0d1017a8ab63a68c6c6dff3bc1d50cdeff7dc9b78ba066a97c38aedb5deedd1f7d2d4f50c239f3fed88849cb09af26
SSDEEP

1536:SLtoOuScl0+yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBw:SLln+yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5060	msedge.exe
5060	msedge.exe
1416	msedge.exe
1416	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe
1416	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1416 wrote to memory of 3732	1416	msedge.exe	85
PID 1416 wrote to memory of 3732	1416	msedge.exe	85
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 4356	1416	msedge.exe	86
PID 1416 wrote to memory of 5060	1416	msedge.exe	87
PID 1416 wrote to memory of 5060	1416	msedge.exe	87
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88
PID 1416 wrote to memory of 1280	1416	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\15da459ab7e98aa06d63c6886519afb4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd39046f8,0x7fffd3904708,0x7fffd3904718
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1654061017552768711,9111529024841005081,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1654061017552768711,9111529024841005081,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1654061017552768711,9111529024841005081,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1654061017552768711,9111529024841005081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1654061017552768711,9111529024841005081,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1654061017552768711,9111529024841005081,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
15cd30d7332656ae7dd7137c4f07676f

SHA1
e8e9236446c1f0b83dce84506adcc1155a0e904e

SHA256
37fe0bcbe28d7cbdaf6853cacd76db1bef57c41895f4911a56767a99584f2a45

SHA512
45c16f0bf4a5822c79b2083b29ee9f9469642b8e8dd46cff387c73217ad0a9a1645e00c0cb423bdce4c211a9fa82ad863f793d65ef762d9ac9b5c100486fb2c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2033203afd1eb64f1e86b3a3fe415726

SHA1
c62318840f015e04ebe66c6d3cac48c6544c445b

SHA256
89aaf2009153cb3d4b62d8de32bfb23a8014b28fd678337cb1a7f97f2f149c71

SHA512
59d6a1550a239ed5a337966140344e6b71f29226881e779a555c8008214dfbac8d020dc7f97698762acf62505c0a1063fca98f5d31de234ee684e245d84dded7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5026ecc95b553e2d58353ce1f138575

SHA1
92e16b3f256a986fde445e9dc522020c22e39f87

SHA256
37875adc08772b161a9c0aa439939f16898f56665a4dcd98118533db86ee051f

SHA512
d8fd7bb81a83042cb1def2449aa42fc0e9058dc8a9a65599b4ff63bf9b2fdb6b1a550b8dd6531fe97906d53634a978f1515d79c30dfd10e4f52f8f9a7f065254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
407893bf9a2672b534899208f0bfbefb

SHA1
c3f381cdd9ef4d1d43ec59c50272cd26efcd77a0

SHA256
b566439bf52f7b5308fbca1519238b03d4faca94d536dae9b65bfdf629518ced

SHA512
2b164a1a8f25129c81ad6bed0a710f4f24938a380a29c8ea2f5bd4741bb46d8a709127e403d3ba1f3dfe588eb6c7c37407d2223450370b1b2213f42bbee3eb97

Download Submit