4804c30527c2c0cd5191b65828c515ce49105c19217bfa55f991022956ba4118

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fe5ac9f8a1e83f7465ff3438a25c415_JaffaCakes118.html
Size

21KB
MD5

1fe5ac9f8a1e83f7465ff3438a25c415
SHA1

365057e27d831dc47c161fec5b6c69348d84b578
SHA256

4804c30527c2c0cd5191b65828c515ce49105c19217bfa55f991022956ba4118
SHA512

d1dbb6435ba2cbdbeaf8b0d83e896e17353d957023834af09bd452d7bd58e24b85235475a5ceb44878e106243bcc4b2680d20098ac8c1f7b6419cb4a1b54e7d9
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIKBoHmtET9BooqBKBoHmtET9BooqBOBoHmte:SIMd0I5nO9Hnsv0NxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1384	msedge.exe
1384	msedge.exe
4756	msedge.exe
4756	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe
4756	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 1668	4756	msedge.exe	85
PID 4756 wrote to memory of 1668	4756	msedge.exe	85
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 3692	4756	msedge.exe	86
PID 4756 wrote to memory of 1384	4756	msedge.exe	87
PID 4756 wrote to memory of 1384	4756	msedge.exe	87
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88
PID 4756 wrote to memory of 4604	4756	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1fe5ac9f8a1e83f7465ff3438a25c415_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefc9446f8,0x7ffefc944708,0x7ffefc944718
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14890511122242486089,12504293793982241498,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14890511122242486089,12504293793982241498,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14890511122242486089,12504293793982241498,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14890511122242486089,12504293793982241498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14890511122242486089,12504293793982241498,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14890511122242486089,12504293793982241498,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4844 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d3070b9d9c86157c866c577cf56cdb9d

SHA1
65e6f017f196ba8a6ddde0848dacbafc5ed180e8

SHA256
001ff1f8bdfb22251113fea0fd4a1c4001dd0b49830ee96418d9e9b3015872bb

SHA512
708eb75ff2cd52910b34b710b133923cd2aabc052934a7b9ab4c1ec0277732a1e1f3812c0f3d646f19dc730fb628420e56c14b25c60cf5ca421967c9ab41be11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4b5667383358e0a88151112036c0830e

SHA1
3ef48e6b139df8546870eeb2a8759e607aae8a25

SHA256
b0fdc1622311cb9b352b2768d817adf37248b760d95a8162430c2545a983bc1c

SHA512
77db9346061f83f4b6d8de5054a69e6230bc3171df6cd5d0ef6fe5abc6a8f138149c96e9cea280fcb2370e3cfa04931b3341bc9d6f9fc8bb3039e030b8e85a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
590edd00414c7cbeb8535430a1379043

SHA1
7a700a77292e59f4d8f92635168e98de272e80d6

SHA256
ef6d5f1af3478e626947c493036cafd7385636bbf938886ea993249788d521eb

SHA512
b3d764423f2b0880c9f7e47b5f97eb46002804e45b7e4eddcde74beb60c097ba6d1cda4ca1f1305b0d25993a52720780d123e941282d54ef752cc6b365c974bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d75776e8031d8c52ef62995739e897fb

SHA1
815f5d45a353eefd7533f870a3e3f56cd7222ae9

SHA256
1318eb9650b495bb163761aace3f36a2c2ca6635537b80d60e0b5cd565d2cd6d

SHA512
da9fb2d160fee3aa6924a31125174aa580fec5acbe2783f9028c9d7180b55e7e5f0c9b56130b505054b7f54ef16bcf7d3e1f61c6e91ccdb022ba0286e4768256

Download Submit