4a4c8a1b48ba5780bd0e556464e28963bb90f02558aac05d10d290ca835ac3dc

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 04:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

32b4fead3c34d7972c358fd3acca520d_JaffaCakes118.html
Size

130KB
MD5

32b4fead3c34d7972c358fd3acca520d
SHA1

e5999b6781693659f5c4ab95cda187e87a3bf722
SHA256

4a4c8a1b48ba5780bd0e556464e28963bb90f02558aac05d10d290ca835ac3dc
SHA512

921ec10565407cfc6930fc577295bc99f5604a1a7320d98b610e0a80283b9436f7cdd59855ed1b4c06a7657b5925b5407a5506b57969a3f5590c42ae7d435fbe
SSDEEP

3072:SP35jrlTXf9jy3sJCG3xYHWol0PITCuLZQLHoj9u4507DrBw:SPHf9jy3sJCG3xYHWol0PITCuLZQLHoB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
4028	msedge.exe
4028	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe
4484	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 4164	4028	msedge.exe	82
PID 4028 wrote to memory of 4164	4028	msedge.exe	82
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 1504	4028	msedge.exe	83
PID 4028 wrote to memory of 5112	4028	msedge.exe	84
PID 4028 wrote to memory of 5112	4028	msedge.exe	84
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85
PID 4028 wrote to memory of 4368	4028	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\32b4fead3c34d7972c358fd3acca520d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,12437515170134117750,9252223437902486193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
72547d63892c2034262a6b1c9203fc54

SHA1
3b585a9374e4930cd359172f2ba464ed8b504c1c

SHA256
09d33da5d833de7e17a460fce01b1dbfbdf1965dac148e27458fbde64d7fc2e3

SHA512
d1206f40f908c126d51af5080e4bb3d4b8c86c75bcf5b6455de2b86526de207dc9e15ac0d5f7df4731a842a4d2b33f2382fbef728b836a3ff8a06217ababc8cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4ba050ff065938f0112da1911a83ac04

SHA1
e22725979c24c01076f4f5c826a328c2e6fc54c8

SHA256
279090250f31939376f97375903f3ffcc90f7d1bc3f9069cff14803b2f9394b2

SHA512
68d9304705abfd897f54fdb4f7645fc54ec3373837e90a45f67523646033c38b29933ee0e7c60c960287161bc169df0952848d4afd855a099979e049b53ff8fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
743fa438cae99e8b01cbaafcbda2f7a0

SHA1
c65171ce1f4f81f6aecc067a9cc1ba74a1378cba

SHA256
adff362238543d607d7b677ffb2ed2d9a4cec527d41d8971709f6939c9b542ba

SHA512
112dd9e3ecf52d184865257a7d1c1e9434dc5c7e531802de82fe3648d667732e90981139c1ecb5f930e9ccc2e3bd42927c27ae643b1ab26e9b6d19ec6cc2e199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7f1c30e7bf6bb7627b46d99af8758b68

SHA1
18dff41bc4f19f1a67354bdb1e66fcdde2c980ac

SHA256
9a510fe28a7f41cf021d039e69fc555fb1f4e31bceca4bf4631b2a246247a573

SHA512
8534b262577db7f5d7b6ca7ded6ec719645a2b5e5b2452e657bd5cacd25060f4baf5eb16fdb8803503a1c195722457ac0a2d76555549d18a241a857599bd422a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ec9dc5d3a9383963884bfb7718c88fc2

SHA1
1c850df3bb67b8b0cbff6f5e516d845f58b71131

SHA256
c68eddecd42d374b68ff5b6cfd26e56c47365732868ed9cabb252c72bc941520

SHA512
8d35d77cc177c6a56656bbdbd0a9277a48fe84c2d1ad565520d88cadba41832ba774ce24965e245d4db8d844b0ddf4b74d0b6a78c7734c5768ed87b8ba23d3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
da435780ff7184cbae9d065c0be97380

SHA1
f47d4b3981a1bc036d219f79cccd5fa557abd278

SHA256
b24d2fe6f4758ce66eb18407eb43d5389c94d065cb7fc1c51ab68d1e56be1c6c

SHA512
b63f139dc14c3a47ba3b5bfc4e15f8219d7271ed319b27a1dfba68ab4bac3e8614ac5bab4e70d3014e3fc34e9e5f2cf12d324b8a602213272b4c89e638392e97

Download Submit