dd1058699a6ce66329ce1c05e7032eeb299914535e672ad6fbe8ea16a5e4d008

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 03:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49369c439b603c87a552f1c40aa65a18_JaffaCakes118.html
Size

18KB
MD5

49369c439b603c87a552f1c40aa65a18
SHA1

10b2d2c623bc5cdf3e5f2f7004354d470bb5509a
SHA256

dd1058699a6ce66329ce1c05e7032eeb299914535e672ad6fbe8ea16a5e4d008
SHA512

74a43a9723317346b0f3138fd32a231a7f573f7f5acd9e62a831faa40700029bf18b1b9dfaf29e1512c5eb95cb3a3fc4ed0201d3e18f764770ac66e28b36704f
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIG4QzUnjBh0O82qDB8:SIMd0I5nvHLsv09xDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3840	msedge.exe
3840	msedge.exe
952	msedge.exe
952	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
952	msedge.exe
952	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe
952	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 952 wrote to memory of 2116	952	msedge.exe	83
PID 952 wrote to memory of 2116	952	msedge.exe	83
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3996	952	msedge.exe	84
PID 952 wrote to memory of 3840	952	msedge.exe	85
PID 952 wrote to memory of 3840	952	msedge.exe	85
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86
PID 952 wrote to memory of 2992	952	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49369c439b603c87a552f1c40aa65a18_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ffc314346f8,0x7ffc31434708,0x7ffc31434718
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9619001510007137068,13460761069409322157,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9619001510007137068,13460761069409322157,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9619001510007137068,13460761069409322157,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9619001510007137068,13460761069409322157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9619001510007137068,13460761069409322157,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9619001510007137068,13460761069409322157,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2908 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e43796279c4c1c667afa0cdb42f98fb0

SHA1
18c30033be70353f73e130b1ec6fdd1df721a548

SHA256
04cf669c177a3bffbf0096d7404e6d3291f315bd0804d4fa0084ecdde7816725

SHA512
3a79488f6bb3e1f6bd6edc4df2d5004ed82e0843dd48d30cb5fd8c689b53a4f004677a49c6bd309ecae9054d6bd71665a88fa624e67d8c1aa730e4aa8cc26242

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
58c0ac4d90a6809c76cd7ef7f628b8cc

SHA1
d99ace285d6de48e2b44e0c417557c4a7126e8e5

SHA256
06a588c999480c7c421b64b5b589db8f688098d5248a76fe7fd8516c868d806a

SHA512
8edc1eb5f0c2a19e0ea4077dff1a06d08af65104fa66da91b7b56648250c50ba54a309f9789057aec3cbd37660c8126c6c21dac8c746b782a0e86296c6a05c2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3c99c3a5673b09f959c01f8102a0d045

SHA1
4b95992f01ccb4b4f02b7da92bd3bdb853ac1095

SHA256
e754dd526d5caaa1ad49e4cd0b15d7dcbeeda023bfe4e9b81e28c3b60e22aede

SHA512
7fad9407d47d5901b9632b3dc9945256df65b12c2391300b9f8392d1151aaabe718e4939f143eab3639565119bbf72f547a25c4f3828e36bc078125faadbba4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5cb4aa28cea3f4f49a58531a64f0c53f

SHA1
5d160afdc2d25bde4e1bd68324c5a0919e392441

SHA256
689b1815ae0a078674ee783ddd2bb9dab8c2ab91cf62bb17ae9547c5420293cc

SHA512
0e7be62da3ea90b864b5ffd6abeb81e6a0fccae44c22cc84d0ee0e79acba38ca1cf6cdc9ed9123e070b329f397485cb87d8456c748609582ca8a15eb01851bc4

Download Submit