5d1cac8499d90c1362f7b2194e05e087c5b9d4fe8ab1da4b73718def2694ace4

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3192bf72cfaa3f4edd63a8d76933885c_JaffaCakes118.html
Size

19KB
MD5

3192bf72cfaa3f4edd63a8d76933885c
SHA1

b77fc9989e93b1ec57c119af0e64b4517b505292
SHA256

5d1cac8499d90c1362f7b2194e05e087c5b9d4fe8ab1da4b73718def2694ace4
SHA512

2c43ffbef1a930aa470665eb86181c347b57096834deef9435c2dd0cc401a5ce208b81e3131548efb3834a5392d24d02bacf3cbfd1bf11f092999853f76b6754
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIm4YzUnjBh8W82qDB8:SIMd0I5nO9HPsv8VxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 3288	2216	msedge.exe	81
PID 2216 wrote to memory of 3288	2216	msedge.exe	81
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 4156	2216	msedge.exe	82
PID 2216 wrote to memory of 1428	2216	msedge.exe	83
PID 2216 wrote to memory of 1428	2216	msedge.exe	83
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84
PID 2216 wrote to memory of 1368	2216	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3192bf72cfaa3f4edd63a8d76933885c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa088046f8,0x7ffa08804708,0x7ffa08804718
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,15787867423739219698,13872571397668501343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2280,15787867423739219698,13872571397668501343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2280,15787867423739219698,13872571397668501343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15787867423739219698,13872571397668501343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2280,15787867423739219698,13872571397668501343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2280,15787867423739219698,13872571397668501343,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  PID:4560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
81008acaa5d879fca97506b920252516

SHA1
a092f033fdfda3c8d38c1a78ee71b647c8d99a81

SHA256
a0c5a49316d3bdd6824e9ed8c5556e508057ced054d95ab5fa2bbde38dc6ecc9

SHA512
9ff3d833cba2f5d6299f8bdc211a3e60e673bf4d5ee943e8f591e545fabff36db9c7ce32bf7280e998439cdde2c3c365bc547b65cb00f8bb632fd6b4a76387b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
67b41c80212ebd0f0221f6d7c8ceeae3

SHA1
9346efc71a01d6a42877eecee013cb7d8f60cb16

SHA256
1acecd0865a049edb2b813302d10ebd085a0af528b8c9677457bedff0365bb88

SHA512
e7ff015938970cc16dc185a6d7533daea6aca576cf18af762ce9b98e974c91b93e006f1fa8d206f4f0b20e5230f2fd9154b8662c94e90a85a0df07c8dea06c6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
929e6eabd91239140c772290079d7a03

SHA1
f133f32c34e8cab918631a23ad1659a379a9b14f

SHA256
e07f9a20c0bcead4829b4b22e572069ac1b9345ad2b7e0986c096c68551f12fb

SHA512
1ca7cb708f6e82a6fc2b6010bbe8149bd47b5ea83d15a985f552cf46c5ebcce8b5c17b6e3ca2236220ba8931ae0e726fe49239f12c3351e81000d882e75aa7a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35b46d36466e0f0b597bcb8573a2deba

SHA1
11e94ae9765a4d9dfc5be4c21aa9fcf1dae5b677

SHA256
9989755b3568c44dbeff2747eb9a300a5b1445a10e77082c849bfb6457f5904e

SHA512
a3f8749292b2ff00120df8bba1876b8cb7029733cdd46f7a659eb9df19e14b0c846a986909e6c885b91933b0f11137aad1a361e9736def198b85d66800f380d5

Download Submit