d737ed3c033ba5f5073e4fc7ed6ae12d1daf9953b10ad7cbd077465f2e54cb60

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12-05-2024 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

375de1435d8d88614acc821b209a2a41_JaffaCakes118.html
Size

23KB
MD5

375de1435d8d88614acc821b209a2a41
SHA1

04bd00407b5cb9f6758f32b2d0812796c2ad32d4
SHA256

d737ed3c033ba5f5073e4fc7ed6ae12d1daf9953b10ad7cbd077465f2e54cb60
SHA512

68f835038dcd55a216ff32ae9d1f9eb95108ba2e65b553ae58bdd33479a1589e39ce3a66a214962cd0982461bdd615796e0139e79dbafbad86232ad8d379eeba
SSDEEP

384:SIjQ5urjQcVWY2LuO8UocfhpGrbbnF46FrcrFmFtQFf6ha4brha1buhaXb2haObo:SgWurmmKfvGrbgHd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3812	msedge.exe
3812	msedge.exe
1360	msedge.exe
1360	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe
3468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 960	1360	msedge.exe	81
PID 1360 wrote to memory of 960	1360	msedge.exe	81
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 4184	1360	msedge.exe	82
PID 1360 wrote to memory of 3812	1360	msedge.exe	83
PID 1360 wrote to memory of 3812	1360	msedge.exe	83
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84
PID 1360 wrote to memory of 2252	1360	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\375de1435d8d88614acc821b209a2a41_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffae19746f8,0x7ffae1974708,0x7ffae1974718
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4623451663827895987,195675187562361638,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,4623451663827895987,195675187562361638,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,4623451663827895987,195675187562361638,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4623451663827895987,195675187562361638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,4623451663827895987,195675187562361638,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,4623451663827895987,195675187562361638,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1612

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
a6a1c15e1d734db45d62289cb87dd8b7

SHA1
e4008c590b4c79b70189d8824471748a6107093b

SHA256
f1558319567e34d12c2e98f7e0f112fba204f32264a87db6dd3d451912d83353

SHA512
2bebb7db8fea7c65b10e38f97a57d4342bf6711e68a47ed6187b5a662e1499254564ef5a281b51d4a8e890dec4951ce52ad3a951c48ba4dcc7e375982ac5c21d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9e8b2f21441790b9053041e45e8cb44

SHA1
0674cfdeaa02a2c07bed24e113200ceaba090eb5

SHA256
bda68dfa097c70ccc5b525284387cd86267fe627638669a76d1f4dbdd4dfe0fc

SHA512
60da395bc03550b6960a2f9b10f75426bc2a337592c4d5cf48053ad0afcb9cc1d08ea5eb0ee79ea7db3d1939e3b62dd08e2819a2183302e71982c6de56933297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
19528d97efb3b778bcc38c331a8d6b1e

SHA1
e4cb017982c99d906aed021ce648e71197648a09

SHA256
d2e99b8613bd48a015fa7e31dd14dfeca43bae2d7e7a972840e5c35416f8b4dd

SHA512
7c15d9bd787e1c3a87a60b49c6a9af2a6e4573c1009d7b2bb59d134dbc056a9b1116a671a1ad1462d39a30555cdfb1808dab41e784ed72245de11605b2bad4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b7a8e4e05398e11e4b2a1c23783ff781

SHA1
da2eacdfae2bd1c5d582bf111eb64e399bfd7255

SHA256
64fa25fa18d71383e62b727c2059e4bc7d95867563069207d697779ed1be7d80

SHA512
c897f1833999335754b505137b004e5f7ebcb8b7e6d1c78c2561a67dc1ebabde3f466944908432a1cc2a658f2bc3510177eb0ec1ebc8d4755cbaf3cdf85a20ca

Download Submit