bd18b04e8bb7232e2a8cf991153aa22821c0a70f360fd7c5d1eca6c5e795bd77

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 03:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4450180dd67eb12769e52be7ca35dce4_JaffaCakes118.html
Size

139KB
MD5

4450180dd67eb12769e52be7ca35dce4
SHA1

c91c37fa1a76145dba52ba8b3219eb6cf690a6cf
SHA256

bd18b04e8bb7232e2a8cf991153aa22821c0a70f360fd7c5d1eca6c5e795bd77
SHA512

168c4f9fb5f72202488057e82786ab06351d8fef138b7dd639de80ac5c21407386115c73cf931554f1ad640fa0cbb3d2f62fafab0c89f71eb68a815f70e5a930
SSDEEP

1536:SfPvj+s9UlEvQYyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrk:SfKsrIYyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
5016	msedge.exe
5016	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe
2064	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe
5016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 4116	5016	msedge.exe	82
PID 5016 wrote to memory of 4116	5016	msedge.exe	82
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 412	5016	msedge.exe	83
PID 5016 wrote to memory of 4416	5016	msedge.exe	84
PID 5016 wrote to memory of 4416	5016	msedge.exe	84
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85
PID 5016 wrote to memory of 1684	5016	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4450180dd67eb12769e52be7ca35dce4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,6636460378949951070,2972331240356183192,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,6636460378949951070,2972331240356183192,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,6636460378949951070,2972331240356183192,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6636460378949951070,2972331240356183192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,6636460378949951070,2972331240356183192,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,6636460378949951070,2972331240356183192,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97e550482068ea62f34599ba46f3a31e

SHA1
1cd36177bca9e1cf31319500177a0fbfacfa80b1

SHA256
e59554b25ce26c14d6dd13c601a9ff8cdb4df221894443c21d09d0178002b2fe

SHA512
fa7a78fd815893e4a9f340ed90ec804c010a39552194d0c9bb10e5e41bec26ef0e590506f628f38c8942af3259dd488cdc8e5d1b698b6f4a6a3afeba12d24c7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f4b2bb2d79de6770ef9eaf7b3c882a80

SHA1
16c6e03848ac37cdf0a961c22466376c64e095d5

SHA256
f198eb4d99a255cebc8d3d1b6c1e8cf17182b4ff0976f83c1e73cab5e9207bb2

SHA512
d79395680b4d31cd1b27923a52a47ea1c86489b3987a1bce4503a0fa832333fd478b932bc855da80fcb609ccc7f80076fffeb3f4ce15dd5b8afe213ad95bc19a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5436238fc2751e54bff8fae40a91cf6a

SHA1
29beac463f1c2ce43bfd789857faf98ad0dccd2d

SHA256
b6996bb620d4f61b80e5ff69e5cf8cd8087d7233c71e54f6f9d5b8bf97933bc1

SHA512
ff4bcbaf2bd30e86b536d6c36ff3ecf8bb52604e4e7808c371890422d85ec0155a98f15525a9eeb80e1a04d6480bca14f91e41c2a6ab1fcfd73944485d76e1e9

Download Submit