498fc42ae6ce6a0c27ea14713ab0df27406cae16ec2913a0e73252a7c56e56a0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 10:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45bf6e67e32edbb63e316b9407e1cbf5_JaffaCakes118.html
Size

103KB
MD5

45bf6e67e32edbb63e316b9407e1cbf5
SHA1

972e372c9a2823081062e985b93650722f4c5abb
SHA256

498fc42ae6ce6a0c27ea14713ab0df27406cae16ec2913a0e73252a7c56e56a0
SHA512

7298532a36be290da8a8362b930183a72fc57d0d9879d6a13b4af6423021ce3c101b4139dd316ef01f19c274e2a4c8660674c30f986b200c0a750834a4a069a5
SSDEEP

3072:0AscxaEnkFRJ8DcJ9Guagyx/uKQDwARRXc1JkXltkeIAc54AcBVJYoGK:0AscxaEnkFRJ8DcJ9GuXyx/uKQDwAHjd

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
1200	msedge.exe
1200	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe
1324	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe
1200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 552	1200	msedge.exe	82
PID 1200 wrote to memory of 552	1200	msedge.exe	82
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 2524	1200	msedge.exe	83
PID 1200 wrote to memory of 3272	1200	msedge.exe	84
PID 1200 wrote to memory of 3272	1200	msedge.exe	84
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85
PID 1200 wrote to memory of 3668	1200	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\45bf6e67e32edbb63e316b9407e1cbf5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8591c46f8,0x7ff8591c4708,0x7ff8591c4718
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7070484050272254086,8646766651444898443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,7070484050272254086,8646766651444898443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2560 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1968,7070484050272254086,8646766651444898443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7070484050272254086,8646766651444898443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1968,7070484050272254086,8646766651444898443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,7070484050272254086,8646766651444898443,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2496 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2832

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
5866adbc7127a0b83c96cb4ddc1008b7

SHA1
a9e399000bf475ddd98a972909905db055f28c91

SHA256
4cfd53e054d7bd7315a0d3c8a4ba86b44262d1a4acb0c46ecb2edd18067cdea8

SHA512
9a39bc9bc21ea475f38daddcf4546591d602c765f83375cb8dcd338b28d1b5086bc1488d961a96f78ad2147ce22229d0c76b116763ce67ddc4eeb2c20d961710

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c29877b4b4bc3b5adb8c27e97e4ffb96

SHA1
863fb5c107e4c8db761d724be1bbb67ebfb21412

SHA256
79a3384025818de9e770e554c9f9693c3b3522e336b8ee8d7820e1fd8a40f433

SHA512
56e8098fd902b8243126902ebdfd0c66b69e97a46fc879cbb556a79650128c88c6aeeb226d4f158e6b5a6c60f2166421392e5267734217df8d8a866b0555f043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d04e11c0007e5158f36d8825aae9597

SHA1
2ff73c529fef51339ef8e56139f256035fc36ddd

SHA256
af6ccd7b41415a209f784ffe462a23eac39c49dd4bea203b32d0fafeecafab1e

SHA512
6598d7f985b0257604ef7fb546a38b71063cfc1704dae9e8f8dd3559018eea11d6bc341ff5e65adc50f37511d788aed6593020721487f51477e989f0cde018ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
17557fbdcb6cf197cc1ea4b219c52e76

SHA1
ecf01dadad0e110a564c0c4590be3a96de9dfe1f

SHA256
c2ff4f921370d4c52c289d6ad0f6d8d50630002fc9473ab2a21b520b30a6e550

SHA512
9b697763dee8d805922e60e4f05abe08be0bf2451f2b668214b45dcbf7d7e1c743f8b44f4128a15db14b6e4feecfaf302cae39f673ff9363ac3470720ae16941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
faa7facff89a5114e5a371ebff275f19

SHA1
3779cc938a183053eff1fdd6bdf0c3cc4b70e585

SHA256
9e18ae475c09bf106cee3e9a590bbbfc94dac30cdfafd4fb203ec1e1a3a7d292

SHA512
4775e0577a940ab32babf0cff0346eca0377f8cb9160720eab5e5fc48af940eb3b8f5cc65c5e279ec830e49d0b5c68932dccf258fa5e7aa2134302f6bd4eeb4f

Download Submit