3b879ef8ace1b6387199a2ce2d6744db3c6752989631c46c677ee8067b7aa565

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cfc34c1e1ee49ca94bcd21a087674dc_JaffaCakes118.html
Size

13KB
MD5

5cfc34c1e1ee49ca94bcd21a087674dc
SHA1

83c275daafe062c3e05b59d54cd1d47e28e5568d
SHA256

3b879ef8ace1b6387199a2ce2d6744db3c6752989631c46c677ee8067b7aa565
SHA512

4643f13f6da3ef328f2adeb2a32613bea60ddb5cf01fff5efd1a5000143f0e203aee7b331b1de9fdcb9d374d6e45f54978fb94e6b2f130ab1e8018bada6af554
SSDEEP

384:+6ElOO5qBEgLxxmh9rpnZ87ISAYNHNTLXRsk:fKQxipncAalLBsk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
544	msedge.exe
544	msedge.exe
2928	identity_helper.exe
2928	identity_helper.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe
544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 4164	544	msedge.exe	82
PID 544 wrote to memory of 4164	544	msedge.exe	82
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 3580	544	msedge.exe	83
PID 544 wrote to memory of 4864	544	msedge.exe	84
PID 544 wrote to memory of 4864	544	msedge.exe	84
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85
PID 544 wrote to memory of 3828	544	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5cfc34c1e1ee49ca94bcd21a087674dc_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9903a46f8,0x7ff9903a4708,0x7ff9903a4718
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,17463692851497930497,15110637604657068613,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
c9f58c7bf0d1f2e91c2083480d0f1646

SHA1
838adea9d402934812f7f9c711f9a5924837e305

SHA256
b416cdf3023070a36d1ed55bc2b0eb88cc8c58d28219c37871cdec33b22e6ae8

SHA512
bfb9d304040dcf7780447366d850271026ce8f48def24567e2dbae3a034c7d3cdba941d62e6980ee1c1b5686735bc1209ee3ac038c3faf16b77d01e08966a45e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a05faaee23415d9fe0a4ee3bbff784b

SHA1
037dc563fe609be0a2d1d7db4b78684c7e1275fd

SHA256
606f978bf3c54c6cfd2c3262d8c169d07b7152fbb15985067800a8680c21b439

SHA512
7551e2634ead1184bb85734570eeba27995ee9c4c25d2f631942a71fee75b1fbfa8de5e33f26727e6f5ea76b606c0f1a867e4654a58371ede1a6933b8e1065e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
670237bfdb71adc906e3bcf1de9c999c

SHA1
905d1f7e60db68657893d5ae72098d0e7dc32fb3

SHA256
53c1fce013531c68be66eb60d096479cdb5ea9303a7ea000c09b27e2baea9726

SHA512
c2c1cb2d66becc8666ba6068e7579357bb36f7b62d8e4558ba2c936cced3b2f3cfbbac0974a2b3ffcc72c7e241e14d47d372ccaad156e2790920c5c061a9d5c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1071de85c65203b1ea0dde50dc3be102

SHA1
70f509671707e3167926b0125d93baf553f4fb80

SHA256
af5f59b694f5f8cfaad64cb9ec97e101c882d2ac684367024b398cbf51a2594e

SHA512
b68041ea29797828dcc43628f12515ed52c2cade93cdcd9a052693d8c7502c5fe83650b358242d204e3a1ba7dec30288deb0be1fb426439bf2ed027c33614d66

Download Submit