5e98007d2a101f8b461e74e90dc20cfd781ab15bad8a324a58c1237b93244ce9

Analysis

max time kernel
147s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 04:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

233c3d0e9e79136b154ec1f7f226fdaa_JaffaCakes118.html
Size

207KB
MD5

233c3d0e9e79136b154ec1f7f226fdaa
SHA1

f0e0bf65f7a56d6a851b01056d37f12631e841d8
SHA256

5e98007d2a101f8b461e74e90dc20cfd781ab15bad8a324a58c1237b93244ce9
SHA512

905b01759d7d0d42b5f7d6b83a249da65316351db9fbd684f6fee65e960f1125a4313009d32c2960d0136d1fe050dd35c5c98da41f74ff82a8c86486968d4b09
SSDEEP

6144:c530DH6NEQwjcHXxQRVufJc/09W1ko05l:cuDHQmjcxQRVufJc/cl

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
1896	msedge.exe
1896	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe
1244	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe
1896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1896 wrote to memory of 4360	1896	msedge.exe	83
PID 1896 wrote to memory of 4360	1896	msedge.exe	83
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2176	1896	msedge.exe	84
PID 1896 wrote to memory of 2672	1896	msedge.exe	85
PID 1896 wrote to memory of 2672	1896	msedge.exe	85
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86
PID 1896 wrote to memory of 864	1896	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\233c3d0e9e79136b154ec1f7f226fdaa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8797646f8,0x7ff879764708,0x7ff879764718
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,9823692681713376496,13899268721979513189,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
7e8a5c935cf1b8e056b6eee441671b44

SHA1
4a5ad6a73264d66c344035264f5179fa05847b1e

SHA256
a9131732828e2271c9b5071a37ca9608693e865bedd7ab55d62a8e1e2c499dba

SHA512
8a3a08374ba68969ad92a6b355509ced753afc45a889f46b2bf4acff6ede1a3f5c44cefc47baacaa334f0813fc1a647547648f7551240cdf1c79ce6daa254295

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beb44368702b9515eb47691cae5b83e8

SHA1
89f1764898100973e5a6309a34e88513c8443b3b

SHA256
ed2a42442bb19859317527efeefa773afb8ad70f23d8f068ec832fd0eba7baed

SHA512
d3824499654a85a88e28e7542fc37e9ff8061e7759e670809635f2d5ec6648ed0514809caa90bf9d16408ef07bac98173ddc16b791bcfb286e59c61c241702c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b96a299f666837febcdd1987dbb31159

SHA1
f2987ccb48e7743c1666dd1aaed0f6c646e3ac08

SHA256
26ba04595246e55e097b9d3f38c6a7a52e08b6d24ddb093b1c6ee1d8fc89c297

SHA512
9aaa9e73d055c60a9bcc1cf669507dc9ec6e7e021b1af0245b99031eca736e5f6ccdace5c5086e2c401e8b6fe34d4c4a0ddd0682f985371cb9d1d7ee62e7c293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ff606042c2bfc4da919e314d015e14e5

SHA1
089c599c0d12bbac213ce79f751c60edae54359c

SHA256
f71103a1dc5906a000146d1fee0153351267734e0705ba0da68ca37b3fabb79a

SHA512
28b80cd79a7d0fdbb547fe4e52ab3a75830f749402d3d7d1a68f1cd3fad40be4449fbe4abf08c9dbb601650c382446e19bade12d48b4f08140c8e861d6734bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a948c68d2aa9f98caaa060a408d57f2d

SHA1
1db6e629766ee3d97789a2b7cfb10f2869492460

SHA256
6f73a30f389c29286795d82e5f185d32a3f3c088d30b1a4cc029553bc6a387b2

SHA512
583fbabd77fff86ff8e39a36e50f7e43c4a7784a8b140e815255d197218d7dbe3ab98c696d1df5d723f3a920890bf5c4177ca2ba097acfa04939408a44f2347d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57b239.TMP

Filesize
707B

MD5
e2d29b055bfdf3fab3d85faefe4da0d4

SHA1
9e654c8c8ff15b1fa33e48f2b98c7799fe37fa39

SHA256
50dad62bae587e404e2421e070aa2f0a64e312f33938028f9fc1ccbb06960478

SHA512
78f25ddb39f1a213f95f8193a9e42075b98a82cb678c259faf7d3b9c4ebaa109adef921502f02db7e022766d306a823efd5813512845fc8cf60a0668e5ece46c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96f1ece75fd05255a1a2b6505be19a09

SHA1
e4ebc607f10fdc74fcd9974074e594df71526172

SHA256
2e4281d08f8843526ec803b194e2d99a641194bbaa18e366c2f4068565b88c50

SHA512
d251d81581950ad8353435faadea4ae7c68711eaadb9c8e359509793c428f63cfaf3e2ba1e600c7d457179dad7cbd672c2621a4ad8a6b27291100a98d2950feb

Download Submit