d90a57c11c39911faa2f82d351cb127011bf2186e34a02925649cd6ab72532cc

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 17:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25e47f6a3d8201105128a9d0d139aab7_JaffaCakes118.html
Size

405KB
MD5

25e47f6a3d8201105128a9d0d139aab7
SHA1

7012f991bb3a8aedb331830a16e56bc0254354c4
SHA256

d90a57c11c39911faa2f82d351cb127011bf2186e34a02925649cd6ab72532cc
SHA512

c1d5c4e2f8efe69f9fa2ac045f8b1d862d156f928280552be4a8592ae8c52bb5ba7c301c969a511cebaab3fbaf74d0861065e7dcd8c9c805f5e93748f275d8a5
SSDEEP

12288:iHzYS0w7RbgE3Q0g1IPt23rl/ZslohtOJ4pel8BX:MRbgE3Q0g1IPt23rl/ZslohtRICX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1920	msedge.exe
1920	msedge.exe
4520	msedge.exe
4520	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 5076	4520	msedge.exe	83
PID 4520 wrote to memory of 5076	4520	msedge.exe	83
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 2448	4520	msedge.exe	84
PID 4520 wrote to memory of 1920	4520	msedge.exe	85
PID 4520 wrote to memory of 1920	4520	msedge.exe	85
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86
PID 4520 wrote to memory of 3500	4520	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\25e47f6a3d8201105128a9d0d139aab7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb633a46f8,0x7ffb633a4708,0x7ffb633a4718
  2⤵
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:2448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2604 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2616 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:1172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2276,16906105720791035358,15572181787404401182,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\05f14e93-d020-44bc-978d-5ea649b48bf5.tmp

Filesize
1KB

MD5
8d640ae17122967ff443dc9d9184870b

SHA1
e4e3cd7e201887f0c9fddb6633323dc35e248608

SHA256
6a660b9f265d1a1c12c252f967e42a5336d27401207d9a20c400ad32ae08b460

SHA512
3dc140cc9f80a6e45e88a812101e288af4b7a991af799032798780f400e82694942477fce3d9f6bac1ed673a5cc318dc1916be5040df35071b8e7ed2f66f0d3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
48b6f79b994786ec1713eadd4ccf0133

SHA1
e05abc81d9921e7ece2db96f1e5db796f538e333

SHA256
da0b619fa8970ff5d0e037e9fe28dddd9091ad4c8cd1c6eb40cddbc76f5c5b87

SHA512
ddc9055f43746e702b2164be0ec6a62b1fd160d4bc73951ed008f6a44eccfb163684332962942b34fdf0b00bded056fc9965fd0f3f6783bc8d868237ec5782cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b60b831d819f2e32b1239f4bdbc3753e

SHA1
1dc84589f3dad6633f7d20e75619fc6030f959a7

SHA256
2cec1dfb892958853857aee78861adbe470fcaa73d5ba8646d72c04c065bb0c1

SHA512
4c096d03c487f599e44cb2f33c4d6017dc7ad02fc51760988221d8ca6050aeae2ffdc9fcdc8918c582c10e75362ca603c76e8b34b528ebbf391efe93614e073a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
02d52bf082478b0272792180bc407e0a

SHA1
dce5814d20d79ae7205e47a118f116bdd9cdbe8d

SHA256
b6ea5df4a71fe86c2837e4a940933066ceba1bd74610957070974462c1fbed11

SHA512
44ded66c9a032b31207a4fa8a014a9074f4968b278958633c79c2e15e99583f1a9cd8dea505edbb008344e7ff668c438f60753b2aa3646ff38910958ef04d31c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6454b8897a96e218544c511b55721331

SHA1
f9350bf9e14e7234aac8839d31e162e66222d847

SHA256
9a5a42390153601464e4de4a98e19e65f857d0b9e9ff5bb718d97408c27f8c3f

SHA512
3d98417ea971eed85c6792b89b2680bb9e76ea02f04e530b96b920474e6286d6459ed310ff11e9938012e49cd5fbe2e0b9b0198e44e0bbf00b67e51d1e986de3

Download Submit