33657961394816cd7c53693b1c7d180f1759524271d90c529b09f30922eec9e1

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 07:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4a15733da0c06cd6a465b815faa8b93f_JaffaCakes118.html
Size

71KB
MD5

4a15733da0c06cd6a465b815faa8b93f
SHA1

70d7e3ae21d4275cd85802b8d8612746193651c9
SHA256

33657961394816cd7c53693b1c7d180f1759524271d90c529b09f30922eec9e1
SHA512

af8980daaba48fe6cb2e0bcd06124a04ebbecbfb04c9ab4f235575b3524657b9d8d58eea9532bd832e2b9e6f80f824439d9452debb309e4c67a084e993c018e8
SSDEEP

1536:pBFIsxHvR7pe+5ZDGoQIZYxkXDI5AjIwo6QmcWuCw4S04sw8giSK4SkySWyW0M6w:Vpjr8IecQ2Iwo6QmcWuCw4S04sw8giSw

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2592	msedge.exe
2592	msedge.exe
4044	msedge.exe
4044	msedge.exe
3972	identity_helper.exe
3972	identity_helper.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe
4236	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 3060	4044	msedge.exe	83
PID 4044 wrote to memory of 3060	4044	msedge.exe	83
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 4040	4044	msedge.exe	84
PID 4044 wrote to memory of 2592	4044	msedge.exe	85
PID 4044 wrote to memory of 2592	4044	msedge.exe	85
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86
PID 4044 wrote to memory of 3528	4044	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4a15733da0c06cd6a465b815faa8b93f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe902246f8,0x7ffe90224708,0x7ffe90224718
  2⤵
  PID:3060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:4040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2372 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:4800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,540786330603504560,7097586260448948686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3108 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4016

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
721B

MD5
46c53025b91b21c65505063e0a296f51

SHA1
28dbcd13ea195b3a777badd8d19a9884f562776d

SHA256
969548480b512e9aa88a4a1466dad972194551bb795d9be5109cd9a85c529509

SHA512
a67ffb7a56c5a73246b7e03a1565018aa35a3b8b787a0cbc12834afe45139fdfb204e4bd76e0d277753af14b0c8ad46d34b8e44610676c74af3a8fe0f16209c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
966763bb34163695c9ad5e0b02b49828

SHA1
5249748172163e87f5d3ad80a92955d39b333a62

SHA256
dfa0dd06d78e47e02f177121320848125db4d6f1bd4cb7f14140c59ad74865d8

SHA512
ca3560f5469d7b5ecf6d3b41a5adddaeaac82364d58b23b7c5fc403c1df2c8dc6d93f14554197576d623fdb532e1e18d3e2253466307c28cdb06afcfda4766ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f22678660c89944ef53f66ef0093569b

SHA1
3baf6dd5bb47d2a91e4417c2eb9e3823d8673e70

SHA256
0ac01122f6302c137e313bc71206ce3290c145d204b7fb4d2b1d51cad70ef407

SHA512
5542291abc4a0034b95b1fc18e9398f213977dfe18bb24ca81ffac0bbe744ad8c7cbb5ba75d346e6730bb129c77704f5a34ee563f9f1aecd194882677b0ed494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d29097d80a585a4f35f4758259bd05d6

SHA1
6a24aa37b1cc99a0efa25645644a9f3fbd9ebf29

SHA256
83e94a4bc69f39909415c01bdf3e8b3e10976ee12f2815dbfe524d7cb6aa3e85

SHA512
518ad60a57f544260df8300c8e4b3665f817692c03be209c67f737eddae6624154f9d82abe0c27a0c469aead958c1e7d2199d0b7d5977d372aa2695f164ce09a

Download Submit