1807693ebeb3c68f9569e8a7982c80faa86913781f7c9e3c9d32a1a1b8ba12c6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 10:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2eafad80f8be92e37f097a6a1d7cd162_JaffaCakes118.html
Size

18KB
MD5

2eafad80f8be92e37f097a6a1d7cd162
SHA1

be5a1991ca057198e7c01cb4814fa0554726d49d
SHA256

1807693ebeb3c68f9569e8a7982c80faa86913781f7c9e3c9d32a1a1b8ba12c6
SHA512

7342d46a5187443762871505cbcfca40c437d5dfafc53f8d469c0e3eb06d4f31a6cecaf8ce45529765a7b9ac10dd4f19ba9fee75cdc44f76c8582ebdaed22b7f
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIN43zUnjBhxL82qDB8:SIMd0I5nvHFsvxwxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
3176	msedge.exe
3176	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe
4384	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe
3176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 4864	3176	msedge.exe	81
PID 3176 wrote to memory of 4864	3176	msedge.exe	81
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 3800	3176	msedge.exe	83
PID 3176 wrote to memory of 4712	3176	msedge.exe	84
PID 3176 wrote to memory of 4712	3176	msedge.exe	84
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85
PID 3176 wrote to memory of 588	3176	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2eafad80f8be92e37f097a6a1d7cd162_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbf8a146f8,0x7ffbf8a14708,0x7ffbf8a14718
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5752896799106423233,10008245426834675988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,5752896799106423233,10008245426834675988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,5752896799106423233,10008245426834675988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5752896799106423233,10008245426834675988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,5752896799106423233,10008245426834675988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,5752896799106423233,10008245426834675988,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4660 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2e9e8f21d40d78e1fe7530d059c24f5

SHA1
daa32d854d2c0a72e8c852d989492b549a937ab2

SHA256
bb5e8c2261f633549d7594c7cad67fcaa22cdd1ac2ad32dc4521fd7adbf72b33

SHA512
a4cbb11de740e459f53605bc15b114b6f2fcba38d8c4b1ea63c9be69b3d8643be10a31d71d01ff227c240b4e2bcc5cfbf69b317473caa61b0254d83e94aaeba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
172bae7527077846e08d87b0bc2819d0

SHA1
716ec114d5dd20c0bab5845e7988eb66de128449

SHA256
c542208a99a9ef200aa9ba76b264f53d7766b959d137f9629b77f82872977f7f

SHA512
632f4d92d37ad545fafe9e9813a88b4bd19a450a11414bfbd0a6f9cf6dd6c612071bdc9a3f266353d380501896667d34223073b4ad0681cb7e9f529fc33a81b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc4dd02500cbb812754cd1e4c638b726

SHA1
814af9fc53147bb1f778f1b91b014a7b93e31a70

SHA256
3ed239694de62e1dada5679fe363181b8b8bb958028d2462730fd149c7151c7f

SHA512
0d4624937908768d2e64ee7d4bb47f5dab44e159f7fe28cfe20ad556b98ae83d9576c232e17b9eb27a3875edd3da117fe20d57023a9270d5ff3a6d6403e0850b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bbef8a8c58982d353b37587e4862a2c0

SHA1
f5aab03616ed41f717a1af3cf3227af44b96820d

SHA256
e7971d5c5d23a6f93e7e219a552a6b75d0d0c8b1b538f70cf6d60996585b031a

SHA512
2c26f4455ecbb0ac07d6ae593907e6503302c2d19061ebedc267364cb34f9372588ce40825cf2d67c5341944a8afdafef87dfd9d70e9d2277a707e14e3cc5ad5

Download Submit