0a0e46ebdf9cddf3f212ec472c14fcb96cfd2be03fcb13c46a8f65e7367431f2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 12:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b0496972faea092d04095e829bbcdd4_JaffaCakes118.html
Size

49KB
MD5

4b0496972faea092d04095e829bbcdd4
SHA1

93f1049263c3e3601cf97fb7731935551a0444e6
SHA256

0a0e46ebdf9cddf3f212ec472c14fcb96cfd2be03fcb13c46a8f65e7367431f2
SHA512

77820590bdaf89ed0409b4b28b49266278a5fd30321648530bb8cbf1041cc39073aceea9fd964797b58d6fd09bf717e8eab1ef4c1f00e71de7e16b08e5fc069a
SSDEEP

1536:SJ2Pv5iHWzszkzszKznzjzEz8zwzgzJzDzCzmzszOzNzgzMz9un4sbnlueqm5Ywr:SJUSnZYwVpt4I

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
684	msedge.exe
684	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe
4204	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe
684	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 684 wrote to memory of 3748	684	msedge.exe	83
PID 684 wrote to memory of 3748	684	msedge.exe	83
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 512	684	msedge.exe	84
PID 684 wrote to memory of 4520	684	msedge.exe	85
PID 684 wrote to memory of 4520	684	msedge.exe	85
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86
PID 684 wrote to memory of 3332	684	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4b0496972faea092d04095e829bbcdd4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc65f46f8,0x7ffdc65f4708,0x7ffdc65f4718
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,13942785525149262627,3077726777713355312,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7eab18107437e288b26b3c3d2607ecff

SHA1
c1850493c78f88eb41882558f5e0a2cd770d00e4

SHA256
54ac04c3e294fd790253f6591edad658039cc3976936c642dc033b7d48891a3a

SHA512
35543c66fe89aca2694a35a9bae3589525aff3370cad9475d00cda41cdf2e5a739ecd8def2434cc94c70fcdfdfc079bf5ed7b29fc312af9c212566f069f5a6b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
56fa489d9c219eaf5e33a7c666d6eb6d

SHA1
b59e91afdca8d6e323077ed789d976659ee7773e

SHA256
982ceecc5e5f31169f2a5c6f78bbea1151093da0fb9bace2e6db41035a477aee

SHA512
ba91185c3c1b53d3b4d4f122fab19fe9ba76b3f82005742b830e9904a0ee13c0d8ca622a44b2226ea3c52a633b0ee445675a317d22c8d552b809f49651c3acfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
234c9978eaa84057774c92af3371a8a6

SHA1
2bc3fe0ab7005a818abb114f2bed85ac6d9cb973

SHA256
cce2700938f6e8128b5fb8878850ab3a6e9b7f305e69c18dcdbfdb172d5e4de7

SHA512
d93739294e501c1df5dea8d31d3e91c33179596259d1f3b5f0d2c668b32dff361a4e21f3b4a9faf3bba614fee0c58dfada6e605c6b502e2989220ebb5c22a89d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
807f107a86f994936bf9701ad8e322a9

SHA1
747b169f37d1fdac51e3aef4b5c49d47ef84e4ad

SHA256
f4e8b04a112939d49bb467fb1b907349e7fc1976e59c55114ed8489489e249ba

SHA512
faa7b5af30f35ad82f4ff60569a0aaa0b3ed504b03c2e3ff4878b2673464f146a6607eb2b65a73286d0ffdc101ef648e107863a72539de259a09c0831f6641bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
6ce56d379e4c8fd9e05f32ade4fd3f4b

SHA1
153020b4c8972fcd12685dc8849d00623e223813

SHA256
747c049c0803378f1221369e155341742661d41bf9c5b44956c875f5b88e842a

SHA512
f39a45f413474977f12eb516fffa129a87e4fcf6a39f18bc46ad879bf3cc151a48948224feaa402754e2353d52c332e270d468750ad599a80455ec03cbed74c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
eea74526b7f36ac1333776ef19cf262c

SHA1
78c3f104807d10f21b1599ea955900b20a6bac04

SHA256
9dccb54501a2ebb201dca577a63ab9eb69f58b1481feedb27ea24e9c127c5df5

SHA512
fae856218325b7c6d222d7761948338744d758d984675a26d40957e5ef8704332fcba03dd69a7efef46dc61c1db344cb9dfab4462039436c6960c2c04f711314

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
875B

MD5
ece03656e08447003b0b7eaeb2fcdcf7

SHA1
f4067b2d31dfeea9ec8ea60e8a4e1ab016cc445c

SHA256
827551d6d57e9afc0a61f3685181c62be78acd71978519d01d5e17eb13132c72

SHA512
07c75271419d514cd8c4cd8e377accb47440068413b4f41c03fef54827d0c5f6f578e9ce335d5ff398b9265c80280a3965b14e13f2c0964aaa3595bdcc653733

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
0ef76d1261d04885f7da09de85a238a4

SHA1
a02e48dda6252564b08bd872e92674b45cd05771

SHA256
c59a0d16237b6c32241a123b77039a55e54eacd4735269e5968c4fe503b3adc2

SHA512
bc52d9edc46f9f877df83cebcfcf1408190b873b2b5107b0b5bfd6b4c093526bab30d94b512f42705458e349e2d5baf41d63ba2ca19067c11f16758b91a1c5be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57cac2.TMP

Filesize
371B

MD5
85ae07681b7a52b3db0aa4fa36367d61

SHA1
a3e710b582afb5192be26577f758a67434160ad6

SHA256
6a46cb61e035432b83b852a6be29dff3378d94633c4e59b00e92b6842b14197a

SHA512
90d95182bcbd25d96061403f91cad26b21af02263f873bbef0ef30c0d7c60ec508858a5cdba31ce46d201078966e08539fcc3d49f3bd579f9bfdc61b5061790c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
38ba9a110ef118c8581762e396a19a8b

SHA1
62b14b6881e37a6d445f124bb04a02b319fe6049

SHA256
eced0567f310c7d1894ae3a4807f7a26f4ee7548637979647ac3840fef0e505b

SHA512
b5e74a23d08ff724c7df925c38b2a0e85962e45cdb68cffffb283b1eec61719328de8e40f7a48437f2193e9c58057cf7d1eaa8b79c2d85f740f91a16b881b752

Download Submit