daf4e43ab78a3398232f46f43af710a2171eed48f0c2bccdc814fba088865263

Analysis

max time kernel
148s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 20:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51501e93a763cc8a1be8b9977561695a_JaffaCakes118.html
Size

310KB
MD5

51501e93a763cc8a1be8b9977561695a
SHA1

31136bc7a1f43a6a2b6d1052f9e23d137d730b2c
SHA256

daf4e43ab78a3398232f46f43af710a2171eed48f0c2bccdc814fba088865263
SHA512

75bf002b67694f55984d499e10c6a76d4847166dadc4bf8778d7fa21ab2e29d695b96755cd76b569fe89e424a7c7ae54c2219347e1dc92915c966b224223f928
SSDEEP

6144:o6OOBuLfHezkHpnaeO/39j0lZ9zWeBGR+hAjw3Vu7mKN2Z32+zT2JPEJ6KgAnpve:EauLfHezkHpnaeO/39j0lZ9ieBGR+hAL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4756	msedge.exe
4756	msedge.exe
4328	msedge.exe
4328	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe
4328	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 216	4328	msedge.exe	83
PID 4328 wrote to memory of 216	4328	msedge.exe	83
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 2820	4328	msedge.exe	84
PID 4328 wrote to memory of 4756	4328	msedge.exe	85
PID 4328 wrote to memory of 4756	4328	msedge.exe	85
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86
PID 4328 wrote to memory of 908	4328	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\51501e93a763cc8a1be8b9977561695a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,15426305799110981159,7985233189980095009,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\84d74036-cc53-4f2e-a88b-244d3eefa4e0.tmp

Filesize
1KB

MD5
1df8e9c094de5993d4821b1f361b05e1

SHA1
15dc8ba9ffdce2bac62b3a443cd28cae5e1f4bfc

SHA256
7523ad8ffa1fe86a09fbc2da74e540269905146b818db0f8fcefc071ae3a6477

SHA512
a7b2ad0c0b1ec70c65b9537728e91c7bcaa6b79da76bba2bc522e32e00a430061fcd3469d0b6c0bbd682bf6e8d7d608de479968cfe09d01634db31f2ecc1e7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
22KB

MD5
5e74c6d871232d6fe5d88711ece1408b

SHA1
1a5d3ac31e833df4c091f14c94a2ecd1c6294875

SHA256
bcadf445d413314a44375c63418a0f255fbac7afae40be0a80c9231751176105

SHA512
9d001eabce7ffdbf8e338725ef07f0033d0780ea474b7d33c2ad63886ff3578d818eb5c9b130d726353cd813160b49f572736dd288cece84e9bd8b784ce530d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
646a622db731d4ee1332e98e9e8f6625

SHA1
8c52ea6865b8dc5a3bb13fe331647c9ccc63b507

SHA256
05c1709c73713c56a28f594abf6499be9b94cf68ca8991a219b84ca62ddd0636

SHA512
ac26f2304a9e2d669f6fb19e143d3f3e09e31ae26139c2ba4c9d63d223faa7b0c85d2e3f4d9982f8eb913689271b3a69a7ae07f4dca992e9bd1a4395e44c1319

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
79edac9473b70d26bfb7c077e7d61670

SHA1
369cd0235574d0aa14b8b024bbeb1e1aef348b04

SHA256
67038c50f6d8de055236a749ea3f6247ac026d5d58623d0e47bdbac06c60b84e

SHA512
6716514164587f9d5a244c38f8b8f51f4f454ac90c8d155364a1fd98559b34bc96c1fcd8bf8b0dc3f3630b5a71c4dd5c7a62f867734ece054a625bbff4af13f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a683991a6a3a2476ddc1892606d1147d

SHA1
bd7d8b895634f1fa6695562dbf6f262212a05eb4

SHA256
1f16a0a7d9e96cdddd04cb8f0959d6997e02acba51441fe253b5d54621226b10

SHA512
dd2922db9b25ade1b6e6b5ca3a2e45d8280dca3ce459f7b58146dd086057eec7700febeb86b3332945672cc06fa5f218b5e4e51b039ab4a1fbf1ec9bcd3dffa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
46789cdc327a3827e537e0ad19bbaaab

SHA1
08fd63be49d65db765e524d16f5e94123b50a955

SHA256
08d40f88a69fc403ea1b4f11df5d045652cd8ec7d52445146a04c628d5037023

SHA512
4dc1c47e4d146d093f3276c2941a372ed7d0cb2633b89c39ff5e7fd97302251f3c8b33d2a3871e98598f0a99b359df519d678f5d9da1f3d076af23d1736e0ec5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0d5f4456933aabfc34538c3b16cd359e

SHA1
3387b41703889eb13e50ab6795aec726a3379716

SHA256
29ed4e8805005be02408d427f36a05bad08c6f52c5aba444a3631eef997878e4

SHA512
81316f7055eb5fed2c1072292772e1f567d005c9fb921405d8b2d8c78460e683267cbe623998c49e05301f6310863fa62c26fd2d73efff8a9977dabb38ba5f3d

Download Submit