80854781e10b0021fef49e47ae7a0d5f49b7351e2fabe5ac4b0db001d120369f

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
13-05-2024 07:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e476b56a4a69f7bec16e4a5efb28005_JaffaCakes118.html
Size

22KB
MD5

3e476b56a4a69f7bec16e4a5efb28005
SHA1

29b8314d89a354c34d242f0ee747737c1db4e263
SHA256

80854781e10b0021fef49e47ae7a0d5f49b7351e2fabe5ac4b0db001d120369f
SHA512

32c5253465eca568b6353083183909ec243a2fa2780fb7e27689144063ec4fc1a71474c243caf2e5f8f836c369f17b0eccb7519127c51bdcf5b7f3d2d00dda28
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIr49zUnjBhXZ82qDB8:SIMd0I5nvH9svXyxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4336	msedge.exe
4336	msedge.exe
3524	msedge.exe
3524	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe
4300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe
3524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3524 wrote to memory of 2876	3524	msedge.exe	85
PID 3524 wrote to memory of 2876	3524	msedge.exe	85
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4432	3524	msedge.exe	86
PID 3524 wrote to memory of 4336	3524	msedge.exe	87
PID 3524 wrote to memory of 4336	3524	msedge.exe	87
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88
PID 3524 wrote to memory of 1772	3524	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3e476b56a4a69f7bec16e4a5efb28005_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc5b1c46f8,0x7ffc5b1c4708,0x7ffc5b1c4718
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3296608716576613376,13473127350823658099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,3296608716576613376,13473127350823658099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,3296608716576613376,13473127350823658099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3296608716576613376,13473127350823658099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,3296608716576613376,13473127350823658099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,3296608716576613376,13473127350823658099,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
924604b60733e4fe8d0a6a6b958737fa

SHA1
a08b76d7b8a9f1e579bdcce7f08faeef732ad3d0

SHA256
f5b647c777c884aaea679381158ccc70c5174949f72753498421a508bade2f87

SHA512
fd07560abaeeb6609d2063e0836e02abc70e6df3664a815ba63a3c01aac155b415f8642a956ec27c7e0644aa5d441a140eebac66a463475b8195e9a296723048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1b5e04a3cd01058e494f13bffc586e7

SHA1
80f1be5a3049b46d6f02d9c00719982e014fb174

SHA256
77a20bff169525439243515098793487e777d9ef7ab022735855fcd4867b4d19

SHA512
a46f7c5ec07e70b3706128281cd99332cffbe4be3f4e305538a128929e35cec3043961c3936d72a4c9178b21263c5e0f8fa280b6dd87a5ba74c013ea29a88f41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
081fb2c3d353723af9e6da0edd344746

SHA1
dd6c6b18206e2353da2956482d8a7b93f4c79059

SHA256
d8428ac504185d7c176b171d59b630e518dcd193c6e0a6a4f18aaf63a99b5a93

SHA512
5fca41819c92af26d98db56300ec016afb75e4ccd1a07925cbcca393c95fc62ed1820967e0620a7aff9c1d06097cc534b426865705cfb48538a2291eb0172df8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bcc9112d830e4228e60724fc07faacfc

SHA1
9b6a809b8eae0634bb66b996f047489f9b585115

SHA256
98fdfea3f87c4837380f06b4289cc3997bdb54b3ce12342eea523c707ea8979e

SHA512
6a64925c0f2bc73489e0f022a4f59689cc14cf051b4a7e526e33be8c4e46f88bb1cd603d8c75ea98e0e780d92dccbc3713b66afefd56c56a4145ed1e816b38cc

Download Submit