5182f790dadd9670e216966a5659cb8670b0c6d92b9775a5b78705c8b4ffd830

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 02:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

325f19b82e67ae3da5d5b4ae4c50bfd5_JaffaCakes118.html
Size

133KB
MD5

325f19b82e67ae3da5d5b4ae4c50bfd5
SHA1

9fe7d1b92bbfeaf438bc7822c0cb9b9cf7d0c138
SHA256

5182f790dadd9670e216966a5659cb8670b0c6d92b9775a5b78705c8b4ffd830
SHA512

460d17cf3c3ae995d794efb4f1660b636b95cffb3eca4f92f6fe2b1bae6f8238e30694826f92e07d10e1157bd1496f8c555ddde2e8c7dc7473126ba497e4a8f7
SSDEEP

1536:SGKGnMmyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTOy9w:SbG9yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
2884	msedge.exe
2884	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe
3564	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe
2884	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 4736	2884	msedge.exe	84
PID 2884 wrote to memory of 4736	2884	msedge.exe	84
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 4356	2884	msedge.exe	85
PID 2884 wrote to memory of 5036	2884	msedge.exe	86
PID 2884 wrote to memory of 5036	2884	msedge.exe	86
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87
PID 2884 wrote to memory of 1956	2884	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\325f19b82e67ae3da5d5b4ae4c50bfd5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90ff846f8,0x7ff90ff84708,0x7ff90ff84718
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1908 /prefetch:2
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4656 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4816 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,7550632101093253750,15254572528123193486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1312 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
6b8e56d12e702b21a8ff8be007174c4f

SHA1
fad32f644c24c905052ec84320220390ade4f1de

SHA256
8329dcd7ca42ee73a0a780555723da2b34a9fe01d240c0e2a511dd7872f172a0

SHA512
09ae2887f527359111dc8dda1fa16dcb47afb2cf7a28027b2fbc6ee75e0c3346e15b7d50c3a67ad2aa67c5ceb7aa46373209f606675ccaf7c4b8d741e6aab99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e29b80ff20589219a3efe7cc67b077fc

SHA1
db8001306fb31023d9ef4aa7a36f895289c395ca

SHA256
e6b19dde933f4254e42cefa2ccb1d805298fd63a87a57d989d281a1a5e97b80b

SHA512
0857a5ca9359c6948d37d66cec135993599901a45b96127c5dbb8b202be970695623df81de1ad5bd59e0356884633e0006555505c2cb0df3ff13f401ecd96050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cde1b553769e67b1e8b499e1bfdc657d

SHA1
e2a3db1d573a11103c6b7130ebb0f247653b4a91

SHA256
c61fb4b68a41846e861faca695d47e719e646c02b15c4c9d553734c5154217af

SHA512
2d809a192c4ee31776933ba2269d3aa933ac8d442e0a1a11e0529ed9c191504d5586dbff9ccd8bbb452b895db9ccd07b8696b33ef7d1362cce1dabd40a3a10be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e848f6a48cb62734b5f59219c7156fd2

SHA1
06c5e63aff4dee39f85d59400b7b8203c9c53ffb

SHA256
204be3b66656fb6310ee291ac9193d70f69f9b94f4fed0ec7b730b0de6a9066a

SHA512
71d3da368ab548a64debdf9f2b6f2d7ce80b049f4cd77091c61a7685bb14f3347c35f38ae662caccb332cbf05581bf30cd702fec35bd1999b1da53f7c6aea035

Download Submit