0515dd87924b2c575351bbb35795e17aeae44503766afc1638c2d12d55b3eefb

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c1d93422149a3f33081e7004d4fff96_JaffaCakes118.html
Size

138KB
MD5

4c1d93422149a3f33081e7004d4fff96
SHA1

01335613e75dac449d1c460ef1f5ace2c2455027
SHA256

0515dd87924b2c575351bbb35795e17aeae44503766afc1638c2d12d55b3eefb
SHA512

855134e333eec88a8de914051c43a5c797b42913c1e7202ba50b34ef94bc5ceee7153b19ceb8f97ab87070ccfdb7dce85ffb35a198d0b1a488f73953f8034504
SSDEEP

1536:SyZR+7lSBfyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusBTs:SytyfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2308	msedge.exe
2308	msedge.exe
3448	msedge.exe
3448	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe
3448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 4876	3448	msedge.exe	82
PID 3448 wrote to memory of 4876	3448	msedge.exe	82
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 1580	3448	msedge.exe	83
PID 3448 wrote to memory of 2308	3448	msedge.exe	84
PID 3448 wrote to memory of 2308	3448	msedge.exe	84
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85
PID 3448 wrote to memory of 2144	3448	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c1d93422149a3f33081e7004d4fff96_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5fea46f8,0x7ffa5fea4708,0x7ffa5fea4718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5931264305832200989,8037945583329063983,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,5931264305832200989,8037945583329063983,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,5931264305832200989,8037945583329063983,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:2144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5931264305832200989,8037945583329063983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,5931264305832200989,8037945583329063983,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,5931264305832200989,8037945583329063983,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ae76d2946205720de2bd2d5926e819a7

SHA1
95506b9c85f199acfe1bea1aceaa9ab9abd06825

SHA256
e273e305122ea27ea3c6413c482ee2cfaf76b636f2d78de7ff6752b1c22f4aab

SHA512
9616c7d0f121b99cf9b38e8dd910f41af4c55e49bd54ebb0f935662007895b105d5e748ddfc6eb960a76a3c7c8adf43279a586cfe2cccac0f8441495e8bc824d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4085a5f95ae55127c7585110a518391a

SHA1
d9bda777ad31749a697bd7bd70fc53014c05f007

SHA256
838a74cbd01f262027b23bb47fac7f77dd97a1965e510b14ef20572afae8472c

SHA512
9d8a0534e9e873ffe02d2237089cee8a3ab13219bf08db45eb54becd028563f90ea593f11e8426db7393861bc50cc9b91b7644473c0659395d3a3dce69378e03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b0a641601f3e506e967ad6aa012845e

SHA1
820b7b14b96303ffe6d7d1449ed8341f44cbc5fd

SHA256
113070a3d2ad975abd90c20a67383b62ed194767b5acc4c49f28d9ba6f4fd58b

SHA512
9535b2a2aec67ab84b8ac587d2236786d72ca4aa8bd804b96a083e92e15c0a0aeb25ae370351c3c9e631d7748a742abef83d84c3cecc0ff22d7d58f3cca7cd71

Download Submit