dc4c9f94129c24597fc966abfe2969b7181e1fe1fe7cf11ec8525970af2ae798

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
19/05/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5bc2d23e0741b983a4916c364b3baed6_JaffaCakes118.html
Size

273KB
MD5

5bc2d23e0741b983a4916c364b3baed6
SHA1

a29558a2d0c76a4ad90105e888053500a9965b0c
SHA256

dc4c9f94129c24597fc966abfe2969b7181e1fe1fe7cf11ec8525970af2ae798
SHA512

193034177022b480814d70c0d4613a9556a9c252acc88b06db53c13d25c3e97c5b0457adbb982248509fb25d1a4ce87bb20fde74a5423dc3ff6ba61a1ff003ed
SSDEEP

6144:fNMcIIIs3G4k5QhL8atV2yoU0iVQ5MIsuQyf5bTM+MdBXpKgXpgx4t4kDoFqmqMV:WcD73G4k5QhL8at8yoU0iwMIsuQyf5bv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2096	msedge.exe
2096	msedge.exe
1448	msedge.exe
1448	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe
1448	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1448 wrote to memory of 1216	1448	msedge.exe	83
PID 1448 wrote to memory of 1216	1448	msedge.exe	83
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 4520	1448	msedge.exe	84
PID 1448 wrote to memory of 2096	1448	msedge.exe	85
PID 1448 wrote to memory of 2096	1448	msedge.exe	85
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86
PID 1448 wrote to memory of 1584	1448	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5bc2d23e0741b983a4916c364b3baed6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3788 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,14015594364477203420,14449245399841079967,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
44KB

MD5
88477d32f888c2b8a3f3d98deb460b3d

SHA1
1fae9ac6c1082fc0426aebe4e683eea9b4ba898c

SHA256
1b1f0b5ef5f21d5742d84f331def7116323365c3dd4aec096a55763e310879d8

SHA512
e0c0588ff27a989cac47797e5a8044983d0b3c75c44416c5f977e0e93e9d3a9321b9283ea077e6dcad0619ac960ee45fe8570f1d5cc7d5d4117fee4f2f0c96b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
9d7698b6657881911e04ab08a5344186

SHA1
7f6185e5dc43dbf19c5784e2bea7e4f5df8ba476

SHA256
e3e92392ad64789e22229175a7493186417909beac54bd5ceee73472dafd382d

SHA512
2312e3a682f6b695412a5595b4919208fc514d2867317d9ff8261b091fdbdb5965bac71fb5c7b000fb12acc66dbbb22a0364c555163fcbf75927edc7a3f7bf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
9c5b9bec4c3b92a75e1f2ed6fd880f55

SHA1
770bd7647be9ce7d2c15a2a4750a727bb8d18576

SHA256
df2f7786c91bc461d6b88f101f189dc25eb856abb03638e216c12a1b91e9666e

SHA512
8f37fae2c3d0dbe798370a3dba9585b66255037ce415924497c546b6198e8cfb4b56db512f5abe648625e654a0968a405f2c4f7b6d7692598afbe76cc909ee38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cbfbb6946738d06815802b3499132537

SHA1
30aa08c5b9b025b6c5505a595a8d4673201799d0

SHA256
5eebd4796fce276dcb51ea9ca0ff4303f2e3aa291ad6ea6ade55372dcf67dfac

SHA512
32cc0202b2fc44fbebabf91b52992cc76e8ca8bbb5993ed3475be77b6b5faabda75654523a85449c336e96ee87574b5cd6cc3135ffe9680f51c3dcdbd5e1310a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3f0109e418183553326f5e620ce52cd4

SHA1
5130840bde876bfbe0bcd179b60519225f5ab769

SHA256
a01d0b8b287cfc86f1d18229057ce6d2f9bb76c632f56782cd14aaec26bf9e9d

SHA512
13805b5f5d844477e6cc79fa4e9dfc23936db6a1e2f64d7cf5fa36be0a2ed3d0409c127d8199093f901c5498ba925fa19d64384f96c02a9a9cf8b91cf7c05754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b3778db483f01224917ef664caa6a24c

SHA1
109018b19c00c38e84c72f2ac342c7a80aadb526

SHA256
0e6032d5809f325a300b037cef44f2e860261ad4d151788b4e3b949ac470ae4d

SHA512
0718c8279b4ee72d106aa25f4d18d0448052bbab55f996349a016a38d5d969f46e929c64f4880273c834015e9b3a30286d7ad08341f32efa31d709903cd5ec2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d8b72e79a4053cea709178108c85bd82

SHA1
3da493909f23eebeb4dad9419f1e93703abc9299

SHA256
da94bd1f4bf500798f7af9647ea6c96838981e3b2228cb48f29abe6b71431193

SHA512
dc210958569a5ed17c93c2dec5e816568ffdbcf7c0a1dd9e2c7603e4c6017ff950d35ea4916466b636e2e3639b66b836d767c3f00b1f03ff9c3a5c22acc81ec0

Download Submit