616a36e0ab136dffcbfce4b3137eaafc3ffd6ca238d08de1787687f62c2f5b94

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 08:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

454e6d462d5bc5e65e1a9fcf72966a67_JaffaCakes118.html
Size

189KB
MD5

454e6d462d5bc5e65e1a9fcf72966a67
SHA1

e17df1b873655bd59339d280331583b8437cedc6
SHA256

616a36e0ab136dffcbfce4b3137eaafc3ffd6ca238d08de1787687f62c2f5b94
SHA512

4ceeba70c1098c2e177050425027a989331b453ae8b12c6eeff7ebf0b41e1c93463053dd14ba593d424381ccf364fbef1ed79d180843b6a8543c313d14e9485a
SSDEEP

3072:S4TAdiyfkMY+BES09JXAnyrZalI+Y6XXI6EyA8:S4TAdnsMYod+X3oI+YS1tA8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
384	msedge.exe
384	msedge.exe
3904	msedge.exe
3904	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe
3792	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe
3904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 4328	3904	msedge.exe	83
PID 3904 wrote to memory of 4328	3904	msedge.exe	83
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 2088	3904	msedge.exe	84
PID 3904 wrote to memory of 384	3904	msedge.exe	85
PID 3904 wrote to memory of 384	3904	msedge.exe	85
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86
PID 3904 wrote to memory of 4984	3904	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\454e6d462d5bc5e65e1a9fcf72966a67_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa322e46f8,0x7ffa322e4708,0x7ffa322e4718
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18362925380205598704,9944533238162973977,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,18362925380205598704,9944533238162973977,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,18362925380205598704,9944533238162973977,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18362925380205598704,9944533238162973977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,18362925380205598704,9944533238162973977,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,18362925380205598704,9944533238162973977,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1364

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\10e410ba-fe7b-411e-8389-0ea1389a6485.tmp

Filesize
11KB

MD5
b675a3ba161b6b5ee0803fb0ef2b0c28

SHA1
00a638c9667e10ed2c749bae8a24bd03afd7c927

SHA256
aa086b7b6c15d891b928b322b8e52735999e9d8cdbcfdf855272abd2a51c5110

SHA512
426cfd3ab53853fde7cf1c3d9c7ac89687a1b9ddb919a5ceb165c4f78cd2be8196c12dc8469c707c2983a3edaadf26c857df199721fd6a984031720bb8fa154b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c76177008a955fdfd2c11c804a8ee7ed

SHA1
993b5c5739a0505d4f692beb52fb82509caf65db

SHA256
b2a6b8ea6bc42fa7f8ad80f19732968fc113b5f5a9cc2edd5f7303704749fa1e

SHA512
5341263d99034cb211bd7173b25f17e953ba4520539e5730fa289752a5cc9053a6010a1ff0d2d46897750e62194b227975c1c2a5f4248fe963f42874a1645c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3347fc9d3d9a8821ab422cd764f105d7

SHA1
1ee3e09da620422bd9eebea6225b65aea3727196

SHA256
511a905967de831950951cf0f1f3e6faee8720ca4bc2b7e22aefa388232084fb

SHA512
3e097be3b198eb7205e421ad8a92ee0de3bfacc8f466f7d766713f420ab0e0f716b3990e87ec513325f4e503c5af938ea3de515b1a2a3d77387ca8f2aa9c6cd3

Download Submit