d4332af320ce4f652db2511459e26f2cc7db43fc8beb693d1f0b5cae963826c9

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 16:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4be9ad55fda5c278c20bcb087a139607_JaffaCakes118.html
Size

278KB
MD5

4be9ad55fda5c278c20bcb087a139607
SHA1

e97e98e2d020ae2ac0ee6092a73ef563a5919b50
SHA256

d4332af320ce4f652db2511459e26f2cc7db43fc8beb693d1f0b5cae963826c9
SHA512

d44641c2f0de974386e86b2ed40a152ac1c4382d988f15bd302631add96dabaf1967dda11b33f95daff07d95d9923abf18fe7126699a93cfbb07c9981489301d
SSDEEP

6144:YJHcIIIs3G4k5QhL8atVgdQOigjSiVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4UO9mg4:WcD73G4k5QhL8at2d7qiwMIsuQyf5bTa

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
628	msedge.exe
628	msedge.exe
3592	msedge.exe
3592	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe
2704	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 1044	3592	msedge.exe	82
PID 3592 wrote to memory of 1044	3592	msedge.exe	82
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 4084	3592	msedge.exe	83
PID 3592 wrote to memory of 628	3592	msedge.exe	84
PID 3592 wrote to memory of 628	3592	msedge.exe	84
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85
PID 3592 wrote to memory of 736	3592	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4be9ad55fda5c278c20bcb087a139607_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84b6d46f8,0x7ff84b6d4708,0x7ff84b6d4718
  2⤵
  PID:1044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4632 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5040 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,16184024560292249012,10630131990941330528,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2764 /prefetch:1
  2⤵
  PID:3868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
65884f0257314945ffe25f2462256c31

SHA1
d60c77b688939b58258c8b22c545163a4c83907a

SHA256
8bb8dcab74806b575b393c51c086f6d9302f6c7b4ea9d48959e173693f1ebd76

SHA512
7f218da22494479373d42599e3a31bd7a07676a6968d7411220b1f506955756bf21b50d3c57b51a94b22e5b0fcb14cb32fb788123e07cbd02a68cec6b0429697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1018B

MD5
19fa9b1956834b3f0ed9a2156f9d5b47

SHA1
32aec3820722bad0c8ff0cfdfee1a511ca2681d1

SHA256
fc82f1ecbd97384c9c972ef21686172c578a150044c6bdfdcd021bdd87f385fa

SHA512
98d9e44122b5d8a8a6a1d9de86ea0871c614022119c0a399c1661dec162b669157f30661ec8d0666e276bf2f86229c1822fc1fc21bbd0a00162026636ddade7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a26b3aeee60a1c77729f6410ff7f3df2

SHA1
727dbdbca263776b0b5991340de243a22e26dc5c

SHA256
9687b38ca1620c4a626df536e6b72ee455bd0adc54af01cd5e837d2f668ea3aa

SHA512
e2dc9cbf513a1fdb4ed4064127342b892bca70b96fcc644ed16ea88b740c10cd49f1a6a0e92dbcacdc3b6660dc2f340c4d4c677077ba9c0a0d25f99090a8494b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
009c84be273be64df51004c3d3b8b688

SHA1
fcda9332478fdf0bf5783766fc79f27d4e554883

SHA256
73398ca119779dc9c06faa144460e6398cf15240696c903255034b3bdf7da523

SHA512
724d0b025180d4522675d4f012773423de5cded92a93fb31ef12570c9bbcc49fbd92bd5e200767792a3050171c043ac499e87b50cfb0248b4c6bafe29cf63663

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
85fb5a778b7201f116a5ab8f14d17f7f

SHA1
afa1cfd57239aa42a76c6bc0bed0f472c9fe7800

SHA256
a7d08113b747ac8d7b9b415f90eeaa0342e04f8e873056bbc9e67968590276df

SHA512
c338b65d90d1115f95c23022ff32c90c3af3c436cf13be8878451da74b6b74e5bc46288ce8c93256bb56a6c0fd17383bdea29f7784a75f3136baf960fa5d096a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b563af878a0b1198ecce39a9f65bfb3

SHA1
fa237ee99a1240bee44ab2af570f3a4590e0790b

SHA256
ead411527c8fe527fcdb2e867d5d39e8a399f1cdba874b2b81673cf41403d220

SHA512
da97d7fef2e0e2c9f6b199ecb6f0aa946e70cd79445d07ccd9f9010da1141df113f03c84755332348b1ab6644c46c4109eb3162d767618ae00fbe1c9c713465b

Download Submit