06027f8ac2e28887da76598e66ff738e4a45fdbac7e6b1014a327fe276c4fd1d

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48481dc25dabbd3dda74690e056035b6_JaffaCakes118.html
Size

214KB
MD5

48481dc25dabbd3dda74690e056035b6
SHA1

e219cf05a957c96ce255a6956818182c4999bc9e
SHA256

06027f8ac2e28887da76598e66ff738e4a45fdbac7e6b1014a327fe276c4fd1d
SHA512

621ecd9563dc10aa33748a905cb33b81833f6f051a0861f662d1d76bed85e70c296c7065ebc36e0c831f8ec3444920b2bf048aa1fc2805ace10d805d5ef65a61
SSDEEP

3072:2rhB9CyHxX7Be7iAvtLPbAwuBNKifXTJv:uz9VxLY7iAVLTBQJlv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
388	msedge.exe
388	msedge.exe
5048	msedge.exe
5048	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe
3464	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe
5048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 3496	5048	msedge.exe	83
PID 5048 wrote to memory of 3496	5048	msedge.exe	83
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 4948	5048	msedge.exe	84
PID 5048 wrote to memory of 388	5048	msedge.exe	85
PID 5048 wrote to memory of 388	5048	msedge.exe	85
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86
PID 5048 wrote to memory of 3724	5048	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\48481dc25dabbd3dda74690e056035b6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa82fd46f8,0x7ffa82fd4708,0x7ffa82fd4718
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14331448338885727838,3300575248376731605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,14331448338885727838,3300575248376731605,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,14331448338885727838,3300575248376731605,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14331448338885727838,3300575248376731605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,14331448338885727838,3300575248376731605,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,14331448338885727838,3300575248376731605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
069b7ca575a8d24baf70bd7a8cc7b0f5

SHA1
20c1ed45311753b82e080e9be17a3ab5896b9877

SHA256
010b8435d7bae0367e92018de2dc1cbc84758e809da86ab7dd7c5ec929c30ab3

SHA512
d88a30e7d292dac0f1b7c99e72786493c9de88f961d1628569d0109203974480800ff0a5e567b0249bcdebba9100daee45ed7413ef53e922b455581e7f0b5e4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bcd0d2c105f097673b51647bded52fa

SHA1
b1dfd9d30d33d170543097284cf68d7b8a71e056

SHA256
09c62ba759325796199fbb56074dcb58acee82c89dfe2359735b9d6c72b2f757

SHA512
65b843dc308a8f6f9fcd86969ee2a57234c7906e2ea3554ed0ee8a8e945f7ca5c092b85cde70f33b57eea6cc733d3d6ba4f3fb02391b98769e545b195e6dba40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e57d8acd63c2df575ac69dbb1377db93

SHA1
886e752013da9fee60807c1a1cbfeab755ca4a92

SHA256
50d65fa83ae8eb3fb1258a921deaa8bdfcc1d3b458b13831b82d5658a15b0e86

SHA512
7bf4e155dda449015930ab854a8424a029dbc1757e5fcd2c8983620c219c52069a895165ec3ca556807d76c16722445a2a8926d1ab8abcece111bd80903ece20

Download Submit