1fdac28dbf9db08b9f47aeafb60e02015f232ec7df994ead120cc45f871e79d2

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

164be7cfa23c8c8079bb72cc4d8891e4_JaffaCakes118.html
Size

138KB
MD5

164be7cfa23c8c8079bb72cc4d8891e4
SHA1

a76439cd7dd001561f46db56b647e97393290d6e
SHA256

1fdac28dbf9db08b9f47aeafb60e02015f232ec7df994ead120cc45f871e79d2
SHA512

979da030b55abf68e10a7aeaf321cc59cee7a5e9ada9e3476add24b6537beb1bb157bd9cbf13b47f9611829188da2ad9935a61fa005a69d10c8e337dd30ad734
SSDEEP

1536:SrDSvkldyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy+:SrfyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
2092	msedge.exe
2092	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe
4608	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe
2092	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 1680	2092	msedge.exe	86
PID 2092 wrote to memory of 1680	2092	msedge.exe	86
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 4788	2092	msedge.exe	87
PID 2092 wrote to memory of 376	2092	msedge.exe	88
PID 2092 wrote to memory of 376	2092	msedge.exe	88
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89
PID 2092 wrote to memory of 544	2092	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\164be7cfa23c8c8079bb72cc4d8891e4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa26c646f8,0x7ffa26c64708,0x7ffa26c64718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,786207316565028720,107379144747347965,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,786207316565028720,107379144747347965,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,786207316565028720,107379144747347965,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,786207316565028720,107379144747347965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,786207316565028720,107379144747347965,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,786207316565028720,107379144747347965,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
864be6637ab0c606441dfaebdde9ec89

SHA1
56ae8b0e90e356e3c1eff55f0aee6096431c07d8

SHA256
33726b9ffd5b3d52df2c3354ea9cbbd4c765cde4b9c689e939760818549cdc29

SHA512
a33cd226d1c78d0ae435aa30cab754ad802da6b71d6e11ca066ef6eda0c7541342467f1c7fde81563969ef0c540d08adae0e3f644988bfa5a18c67d8b90edf6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0f567c2bb89a16169686f143b0715e75

SHA1
66a0aae72212e2ca5d875e64279745cf151a8fcb

SHA256
305e16f74b440daa978f359de27951c5c6508cf69966df8dd26afaa9a60fc151

SHA512
35409f313400059b8a00d55d4e4633f3bfe7f891ee2c282f61f2ab4365d2321d3072000581d9291af35a0cb2f656121541bdbf3a05e6b7462d82c341e566f529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3e1cab0faee854ce45c72fa2e587e906

SHA1
edc9268ca800ec45b102a756e41ef8511d124e3f

SHA256
a1f0a5736040b858f1688b6c78a7729a7e265fbd4edaf8f11c84f19dc243c93c

SHA512
c20ee27113d2e2623cb589e2092a652e502e1255b5cb1882d5e6f22b06b250e6fec9bc88bc5b6bfbbc5115f9c5301201e9fefa454a44b7d789c6634a79a2d7b6

Download Submit