5290c2d89e720bb9eca098bf1f0cc9b301bfb2c812df35f8421722e9b8566d07

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 00:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

375a6b5421a0cac84baaf437579c1a16_JaffaCakes118.html
Size

69KB
MD5

375a6b5421a0cac84baaf437579c1a16
SHA1

9dbdb94747dd86b9b6d731b86237c0726072559e
SHA256

5290c2d89e720bb9eca098bf1f0cc9b301bfb2c812df35f8421722e9b8566d07
SHA512

c593024b8c5cdb76a4db56923d16030ff12d5de19a9066fea3293c9a06696221c269c8acfaf98220970dfc0ebba47c7364f7944843864ed814b82b2b1efad62c
SSDEEP

1536:bOFayx82XAdzeoxLb0ebBXHOPx+eCTDT1OBC:bOYyKxLb0ebBXOPx+eCT/1Og

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5036	msedge.exe
5036	msedge.exe
4504	msedge.exe
4504	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe
4876	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4504 wrote to memory of 3976	4504	msedge.exe	82
PID 4504 wrote to memory of 3976	4504	msedge.exe	82
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 2948	4504	msedge.exe	83
PID 4504 wrote to memory of 5036	4504	msedge.exe	84
PID 4504 wrote to memory of 5036	4504	msedge.exe	84
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85
PID 4504 wrote to memory of 4520	4504	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\375a6b5421a0cac84baaf437579c1a16_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc002046f8,0x7ffc00204708,0x7ffc00204718
  2⤵
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5680986887149663587,1564398472862509500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c37359dcad1fa5766b28d69978bb90bb

SHA1
658d546e833eda84b718ac712e0c438699ec2d51

SHA256
b882c3fd4372dd95776500417ca5d9e0576576061e6d01c14b583135f79a20ac

SHA512
45a85d01f8c74fdf7c707aab1a12b1557c24c841870afb272e4d321dc91f5b2333805c8542939de33b4343670e22ac065e53cd46386fd4f6af4e7a25b0f19f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
328d5de52ea27649b98ebdf5ba93a4ad

SHA1
c2d3275d781d958b6a4d9dda2fc5f2e3e20aad7b

SHA256
9d9e3fffc28f0c127ed8a126eeb43e83354187191c122b5edf1aaef199bee803

SHA512
a9692cb878a04bde2fcc67846e34c7f2fdb6ae98931411de5f54cb0fae3c0c1ba142b80fbe15332cf0e38a8b8a02a33983fee96a6c10165b8d44350c032e6ed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e537eabfeb7ead932fec647dfadb43c0

SHA1
f23a38b1b2cf88eeb8817fab16fd4044ee904142

SHA256
5da00547c555a7adf7b6c104dc941bdd4632d46258cb7a45f1ab842cd4e09a99

SHA512
7c15780bb76e979d1a5da21057a5b1c749ca05c324e35d030d04232bcb1601ef72b161516ed41d2c367c2c82f4e337439e26661feb1062305207a1dd91ce57bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9940bd392351c52fcde859130aa6fcac

SHA1
fa080f1edbf4565c472d7cc4bfce215ae6a5433a

SHA256
ba718259216ff16a38bbc0506683d2732da0041ed2daff5944378ab9432afa35

SHA512
4cb92e343b581e67f554b3aa22ef07b95c696cad7405275c756fe58682617d22a3f62fe232731af2e32523e7ac278d506e1e677d2f058fb1a1075da9e6987466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
84be2a1639e685f84fb0aee921f068c2

SHA1
4ae5b1d8525cfb7198509b84977147cf1701adea

SHA256
8618d14f4cc5c2fdc8f855b2cb533f918b8de3486e40e89ba9d938fb4a91db9b

SHA512
e5250f80ab6143a25f91660030896ff83192d72fb6fd87aecea38c915a9f10e42ba40e065867a0a28b107b55be6d4967157c390c6870a152d9d51b0acfc70add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
378c27edf7ea995431bff6babd7b406a

SHA1
6597e850e5ca474fa29494424f7fedab6f013222

SHA256
e194f09610f340559cbff924370be1ae88e7d508b0fa2a7993b2c568339fc4a8

SHA512
17d3f40a646cefdfcc525802f54c83ecee351c3a0bb35bb3907ba2f4cc3021f2471449bd0b2686cdf89436b79419828e43ac09f0bff1922a2686fc2334d808ea

Download Submit