5bc2ce7aa09c71768d3a823d59810c0c3465cd25aa83937268b5e860e5bfde6c

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 18:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4c75bc0d7d2bc5a8529d6b5bb7b008f1_JaffaCakes118.html
Size

169KB
MD5

4c75bc0d7d2bc5a8529d6b5bb7b008f1
SHA1

bf1cb4f3c58cf65d9c8b68528af32a064e5e0217
SHA256

5bc2ce7aa09c71768d3a823d59810c0c3465cd25aa83937268b5e860e5bfde6c
SHA512

3a3a5e46c7244bcf6d6afb35b61e8856999ccae7784c31c564ffd83eb3b2122b4dac9816ceffcf35a1bd9bf98d4719e633e89b9f840c33594cadb648f4d87070
SSDEEP

3072:SN2ZjwOFK8ulE3KS5Ul9mLUIlKhQruufJQ5bO3hu05clznVN:SNd8ulE3KS5Ul9mLUIlKhQruufJQ5bOO

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
4604	msedge.exe
4604	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe
4604	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 3392	4604	msedge.exe	83
PID 4604 wrote to memory of 3392	4604	msedge.exe	83
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 876	4604	msedge.exe	84
PID 4604 wrote to memory of 4828	4604	msedge.exe	85
PID 4604 wrote to memory of 4828	4604	msedge.exe	85
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86
PID 4604 wrote to memory of 3272	4604	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4c75bc0d7d2bc5a8529d6b5bb7b008f1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc801b46f8,0x7ffc801b4708,0x7ffc801b4718
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2640 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,9028333297020884331,7918013633643785573,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
df39850e5ebea3cd08b8529242984b08

SHA1
82fae2968d9f2861714c9f963023b9f8e5270e96

SHA256
4d703ef307d85d27485c5cba959773164d77a0259614692d54431eeae838fba7

SHA512
258e752e830f676ee16c0aa445e3d8e0d150dedcc65c84ec79ac526068e792b220697659e6d7c52528bf1bcd4c211f4eda8bc9e0ca7f1e7eb7c1e62d8a381702

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c09a4469a453fa9d9c7064255d9ba88e

SHA1
834c93964fcb5bdac385c86b69060d7bc36cbadd

SHA256
e3d22c0cb36de55a85a859f04cf4c25c9aae70a3319a9083a7bdd3e0b851b12a

SHA512
cfcb7446a97fa30cab744515d8d0606a5ac259bc6469d58ea49241f016c448b8239d83c75aec2d077dc7dcfae38f02a4dbc81148fee7e09902535b1079f10bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9ab7ea6fd954c1ce003201c324d2cd47

SHA1
8fb0b1bf3579e91ca3b0aa84304975d87c49bd76

SHA256
c992346e42e730a841753dd0ba0e025854175d6c26ff45c7a6860385809a14b9

SHA512
fd220d72f620fb156cec160e6aa5c7236099f3c28bb8ddecf8cef5f2e56a060420f4a0dfab87392852b860e8d4f79dc493e06b5fea14ebbc73c2269127ba3ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2acd8ed3442466ca629a21f185f344ae

SHA1
68cc30ed43b47c56d94aa3714fd5dcae484b5d4d

SHA256
2fdbab0cc3e3f2aaf974df0b9a54667ef932c4c0d9c6aa85ca958c7dd8ac22d5

SHA512
7dc6dedb8a758b0246ab702b2c1a155b45607a50167f6aeb9bd3d85a0dfb6f20aa9e65c6215f75666fc623cb41bbf4d5a09365347df4e2851b1029c5a104af50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d042f921303c44f1ff888e6e0e6f4919

SHA1
bea18c615187906a5aab8d0598bd36f5d9118a60

SHA256
f44605565909bd025e28c9937d0d9a4754339d7abf0dc9c7cad139c4152fc6a8

SHA512
f396197226782dc681428353327bd2f20b3b597bc1ad0fea33f45339a6c9f2a00c551b0ec408dcfd4c97b16818ab9e7dbd823e42cecfbe20e3c61360d9170830

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
17bbb393194a681d44c8d5e470416507

SHA1
f03fa888c5ab01b9e3b4148f3e5f9555c0964049

SHA256
ec8c97bf2d6e241b0f586ce63e5693c22c91236eab0c5c097723733ca3e66327

SHA512
76f27b82258c3693ed6d43d478a77f50c8eca9c3323900201b3ddd7740ac7b4a39c0ac163972eda7f5170be54c91e654f71b7eda865141f525cf814e5ea82ae6

Download Submit