1d5bfba9816edbc138ecf544331ee4ede337bdbc9a5171db005d17b3548ed3e6

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2881282bdace00afa1f4c2f164a4b682_JaffaCakes118.html
Size

214KB
MD5

2881282bdace00afa1f4c2f164a4b682
SHA1

972bc76b395a3916ec5e4063013ee2f427c22c59
SHA256

1d5bfba9816edbc138ecf544331ee4ede337bdbc9a5171db005d17b3548ed3e6
SHA512

f7999acfe906cc7cdb8044f6a4c2f4b6595354cc7fd638a06bab3d6360a3bd0fd0ad1d58cf6a1c5b9632c30a3c88694b11d793fe7145f73e537a37c32fdb8c17
SSDEEP

3072:frhB9CyHxX7Be7iAvtLPbAwuBNKifXTJK:zz9VxLY7iAVLTBQJlK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5384	msedge.exe
5384	msedge.exe
1396	msedge.exe
1396	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe
5728	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe
1396	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1396 wrote to memory of 4688	1396	msedge.exe	82
PID 1396 wrote to memory of 4688	1396	msedge.exe	82
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 1348	1396	msedge.exe	83
PID 1396 wrote to memory of 5384	1396	msedge.exe	84
PID 1396 wrote to memory of 5384	1396	msedge.exe	84
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85
PID 1396 wrote to memory of 4236	1396	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2881282bdace00afa1f4c2f164a4b682_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a06c46f8,0x7ff9a06c4708,0x7ff9a06c4718
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,10746637483551215116,4445090068838828392,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1968 /prefetch:2
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1940,10746637483551215116,4445090068838828392,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1940,10746637483551215116,4445090068838828392,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10746637483551215116,4445090068838828392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1940,10746637483551215116,4445090068838828392,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1940,10746637483551215116,4445090068838828392,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
88498f1cbbb483ee8cba698803ab2381

SHA1
8eed028ae7c034be6c0ae526bd5647b3a2d85c9e

SHA256
234112fb7136c125d8b8774fd0023078540b5e2cbb1f94301a0bfeef69702431

SHA512
480e48c97ef6ea4bfd875a2bab042a92ebe6946557a5ee8c6c22661bbe1371cfb5cfe01c0cca4ca2d28ae3fc75539c9d7ea0c08746b03f3e3e2c40368d9b0ac1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5f79954c9ce39763059f5136fac55dc

SHA1
6da397118c0351bc4f84b0f1dab136992bb5384f

SHA256
c1da56edbd31774856387bb1bc4915d2cbe19be6703b442f74da4b1d050e6e02

SHA512
8c93abd1a820f3080f71511853fef2a43ac7a1637732fc18cabb1d8470fcb16498c84fab8758489d4798eddeca9d4befbed171726a7f11e39c7c602e5216ff7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b2285965c5ce8c7da0006ec2643bdf12

SHA1
6e0acd0476a482af7b0e28326990e58e0d34558e

SHA256
741f4e1b1902d6dac4b0936ee4ed173742078afb61b376367400c34397d1e127

SHA512
7555d492057cfcb4977ca2c298c834e248dfc51d833c7245b1f4639430f7292df20a8f15ebf426846af55e057b64e6affc5bbea54a033eb6711112889066d1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6ae53649c363c9ce4f3d6ba3b14c3d0

SHA1
2d9dc270434818d097ca9b5b088f7d7131574e5d

SHA256
ac157a7990b8bc8fcf460fe441b2bb2ee89d746b107aefb727e221709604d7ec

SHA512
1f18d144a42490386c1cf4a0974a59a5764a9b866e7f7e3df5ccd7313cd4e12746b153ac22fe128d3b20eb59fb0882c61e7dcba509a6a9526052a6c9ce44b7dd

Download Submit