e196d4660fd1bf0c3bfe77154085d530dc1d95a854cecb6d8552c32b1d857b1d

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c538f8e348aa545099f1ad8ef7d91ec_JaffaCakes118.html
Size

18KB
MD5

5c538f8e348aa545099f1ad8ef7d91ec
SHA1

fc35a7525f7ab51756a784dc7f3b490ae00a60e8
SHA256

e196d4660fd1bf0c3bfe77154085d530dc1d95a854cecb6d8552c32b1d857b1d
SHA512

4a2d255a1118a1b74be30530b7a2abf5b255d48b9beef52b0e39746faf6633e0ca4fee35a2c82e9794c77f83a60fedb72c259d1ebe07f1237ce6e01e3d5e8fce
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIq4UzUnjBhQK82qDB8:SIMd0I5nvHTsvQJxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
1852	msedge.exe
1852	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe
3808	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe
1852	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 5032	1852	msedge.exe	83
PID 1852 wrote to memory of 5032	1852	msedge.exe	83
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 2656	1852	msedge.exe	85
PID 1852 wrote to memory of 4976	1852	msedge.exe	86
PID 1852 wrote to memory of 4976	1852	msedge.exe	86
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87
PID 1852 wrote to memory of 2032	1852	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5c538f8e348aa545099f1ad8ef7d91ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffafda846f8,0x7ffafda84708,0x7ffafda84718
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12492299613985352763,9587312604192286032,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,12492299613985352763,9587312604192286032,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,12492299613985352763,9587312604192286032,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12492299613985352763,9587312604192286032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,12492299613985352763,9587312604192286032,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,12492299613985352763,9587312604192286032,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3700

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fcba163ea16f703d86cbaf5eea014e34

SHA1
1200bdae2661d2f9614050eecaa27727d857b1d7

SHA256
daa3380e8221c6b9797913b4936a70c38ae88ddb1ef0dc26de9f766692c2567a

SHA512
441c9fad7b1623df5e8561283737456dfb861c3adbc84fba5e9bb0bb97b7a3d0656d58832d8854ccf0e7b3b12fad5ef5c60e1fbe080b57734906ac47646ea445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ca40af049fc07f22eafcb1fd5b8607c5

SHA1
2aa72b0f3b72b4882f90b3b44dcd9d9e652af952

SHA256
4e44ca817759c221d19c4beede5c0ebb851a52f1f092132fac88a2e9493c293f

SHA512
b6f26723c6b4d22e407459652d9c613a02538c49820ff07316586c7de845da76c5d9789cd0ee6ce814bd8504cd07d393e05e161e1d158c64dc660a1bb047a017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d4af2ac9171cf3e907bca7713869982f

SHA1
dd6c59a5a6ff038842ef0c6d8e65bf3f9fc65081

SHA256
b6bfcafe6675ee3ba41b7ba9eca479ffb17267d0dc6dc3f4c216c06c62a352b1

SHA512
81041e806fc4a4a593bbeed79aede0e8b1bb301f641a61a96f1edbc8bcc1adeca5ffb8d4ca4a343c397daae8e18c8cd7dcbcf60ca129913b7959e147c811f683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
617184223115668df0dd085d2f70c122

SHA1
e5ce343cf7ec80f98496af59e611338c52eeea90

SHA256
3c61d01c59fee1f35e2317b4c20328cf1132639de81d2b9526dd387fc876b101

SHA512
88afcb6c1e25b5fc056cfd78b5c668370e7109325994addbe93dbf9de73aec5f37c72579154b2580cd27b6b815806e0265b990fdb7ccd82e395f344c6685ec84

Download Submit