1dfb49795ab1ec297eecaa6eeb80f0392e3a2c18ea4bce702dc6356467e8cbe7

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 05:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

163e89bf4b77a2bbbea29ffb2da6fa9f_JaffaCakes118.html
Size

139KB
MD5

163e89bf4b77a2bbbea29ffb2da6fa9f
SHA1

e0f59ff20504ea59ee3a9e8cacbc28f64ab50084
SHA256

1dfb49795ab1ec297eecaa6eeb80f0392e3a2c18ea4bce702dc6356467e8cbe7
SHA512

8e82bba4fa8ba387295198090f5e6b8316e3b3b4bb27b22c1511ca0091337f391d0cd835b168c18f27f2071d24fe4737047d0a21bf5f83c01c5f012751f99648
SSDEEP

1536:SmNEiRLl1yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOZ:SmtRTyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
760	msedge.exe
760	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe
4920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
760	msedge.exe
760	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe
760	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 3260	760	msedge.exe	83
PID 760 wrote to memory of 3260	760	msedge.exe	83
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 2244	760	msedge.exe	84
PID 760 wrote to memory of 4368	760	msedge.exe	85
PID 760 wrote to memory of 4368	760	msedge.exe	85
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86
PID 760 wrote to memory of 4500	760	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\163e89bf4b77a2bbbea29ffb2da6fa9f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8dd846f8,0x7fff8dd84708,0x7fff8dd84718
  2⤵
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16285286156853966720,1636562377248663187,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,16285286156853966720,1636562377248663187,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,16285286156853966720,1636562377248663187,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16285286156853966720,1636562377248663187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2224 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,16285286156853966720,1636562377248663187,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,16285286156853966720,1636562377248663187,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4048 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1968c1db41399f3d47cec360b66e8493

SHA1
f7913f2969ff8169c5cb57dbc72e768c43c21e1e

SHA256
b8c2fecdfa56bec3241af141d92bc1848f13e17ff6b3cf7a116fb9b1598821bc

SHA512
f9b42be1b0c608483c93269f3a4ce55b5bbc275e95bf92cac301b85fa5fd2749b00037d835aff27bf7c0efad44c7fb4e671b9ab8663aaf7a124f2be981d8f507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d78781c504e7b97870bc98ca4d17bcad

SHA1
5660ed2b67d3f29b6f9a40700d0cca23037c62dd

SHA256
4751e61c02883b7c0b86c672ea4789c229cbe00e3bd7049537036291a1511757

SHA512
abfc853bf8a877194cfb8c66bfe9e0a538e49d880d8c5ea4e7b6c36976eb93717c144e6dedf4ed806a6a5f47db2b558961b3cda71cbcf91ab871737b50ac5ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e109626b05b635ed6c7757fcc6f1b0ce

SHA1
4eeab4f777b51c1b9f0e10f6e2329ab4f7ac9b1b

SHA256
3617470431b8a68e190b506642a5b01e4380302debcd9b9f5147c3c8e9423bab

SHA512
33bbc124310748aa78bae87131b0b56e5f8711122788be33a7b0b6b63df8a98dacc058ff6f17679b0179c5ebc30a33e4e7dc496ee506d69e0aff40cc902c16ee

Download Submit