915edac7250b0005fbfea0c494531ff1ccf4b90aa4801b9d114743281b1ec727

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 15:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

183d150d0c0fa29e4ead8b4f64a9d6a4_JaffaCakes118.html
Size

18KB
MD5

183d150d0c0fa29e4ead8b4f64a9d6a4
SHA1

a018f42fa3c9a280f8f38fdcc037f060b961ad90
SHA256

915edac7250b0005fbfea0c494531ff1ccf4b90aa4801b9d114743281b1ec727
SHA512

cf3cfe817110913d92a58d7623252c6233825b2f90fac640a2d1de5e1d50d19567fea966860c09b43c9d5955961c5f10d790d25cb9b99584021dfe6f4397619d
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIW4MzUnjBhAK82qDB8:SIMd0I5nvHPsvAJxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4456	msedge.exe
4456	msedge.exe
1676	msedge.exe
1676	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe
2068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 2948	1676	msedge.exe	84
PID 1676 wrote to memory of 2948	1676	msedge.exe	84
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 3532	1676	msedge.exe	85
PID 1676 wrote to memory of 4456	1676	msedge.exe	86
PID 1676 wrote to memory of 4456	1676	msedge.exe	86
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87
PID 1676 wrote to memory of 3988	1676	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\183d150d0c0fa29e4ead8b4f64a9d6a4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8ba346f8,0x7fff8ba34708,0x7fff8ba34718
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2916 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8673440223833773008,14036032983799298593,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3132 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4120

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
02c4274f4f5f7409aea42e76fac4d622

SHA1
81337f422b2ac4ab8de3aa0c97eb7d6627573bf2

SHA256
83ce3c63e41d25778863153a49ace03c65848d010f7282debf5ff40477c20b16

SHA512
6c9b2a23302c788a8f95a94f24daff213cb2e7aa91a097d31fbc1315d7841ce7ed411fa99edd9c12e048b0dd9dbd280f33dd6d73b360f82fbfd2c2a2fcbbdee6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f495f26fd03ed50b0450c14cae5a6a6c

SHA1
b10deda279379db89aeecdfeccc1a7210cf8fd3c

SHA256
d67b5e0ae09cea4d1e22239a6f3383c35117b6b6ca9e486478830cb7312b0329

SHA512
2156b2af5b037cb12131e3142ae8fb6232179ae76810f5e5ed08504763f6919e02a2103a02977e22c62ad76813eece3b350da8a0e7e1486b837e9f885b9cd69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67fbe711a5408f33056eea730de99958

SHA1
b116148b913f93cbf2975c96b2880dce866aeb96

SHA256
042f66bba3f441269fa2667a068989a8abcf45d3b53e4b7ecc1afa1bb9780c37

SHA512
cb217708188e6e6b0edc02b5a8738d21c9cf01cb005a70f0ff36ae0b35684a84b17b18b7df3ec2395c10e493493c6d69b94c21fba6f54788da74977cad4fce42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
27db1907eaf1c1c38800c56d23472c94

SHA1
e6c1a1b8b22d422d821613d64cd6f4584a26d8fc

SHA256
e473bf588718bdbeca7f1dd7c405f1df7f7e0ed9ed798acac2d6f0404607b57a

SHA512
681ba89be66694859a9b4c66e990c7ff28d86137d6b1fc65c362a3b57b8feae5783d66628c2d03a2a8999a838d0db56a17276f01f5cfc846f212444244074b6f

Download Submit