82adcc4dc50ec94fb4b00e6fbbc07b22eafc6993fa1791fccc9c89b8b15bdbab

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5cd17335b72d24d3097c116a2ed5a684_JaffaCakes118.html
Size

53KB
MD5

5cd17335b72d24d3097c116a2ed5a684
SHA1

3783e76985337a1a53369917ee072d5aaf48a7b9
SHA256

82adcc4dc50ec94fb4b00e6fbbc07b22eafc6993fa1791fccc9c89b8b15bdbab
SHA512

99efb53a28e563b489153da039d97fbc901fcf11ab4f3294c5f20bf279691f8c957351db4cb1d939360fabcb9774fcb5fe1b91f8057e5daa4a60d1a85874028e
SSDEEP

1536:ArNTc9i0MQBtjGebPEHTClbw8MXb5yUIyssv:gNTc9i0MX9Xgg

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2556	msedge.exe
2556	msedge.exe
4912	msedge.exe
4912	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4912 wrote to memory of 2940	4912	msedge.exe	84
PID 4912 wrote to memory of 2940	4912	msedge.exe	84
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 3336	4912	msedge.exe	85
PID 4912 wrote to memory of 2556	4912	msedge.exe	86
PID 4912 wrote to memory of 2556	4912	msedge.exe	86
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87
PID 4912 wrote to memory of 5032	4912	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5cd17335b72d24d3097c116a2ed5a684_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff90ff846f8,0x7ff90ff84708,0x7ff90ff84718
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2072 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,4968498416019243368,11413405342215214423,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4944

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7e72e38012b78c1fe8196cedd9bf8a19

SHA1
ea3344ac6b473c84ea31a37c86646d0a173ba3f0

SHA256
e1008c4a98ef1ae692ebdb9631357c196497da4b71b6c23896b6d39648b024ed

SHA512
91657f74ccc68299476dfb5942a4c0ee8c76e24e2b45839a606401c2c916cb963e2f19c10a3e0d83fc7b18798135b74fdbe60650b169eed0170ced787d51f8b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8d6b886a69b72f11442d3377254528dd

SHA1
ef9fa2fdfbfad4fb7054ed9eee10fdea658239da

SHA256
a4255aa5c0069cced56ce8ef16521b398adae9a83ae87cf60da057e3d7326215

SHA512
b5d703165e40c6f05dc635ca504b8def0cf540f2fabe61178276f884809861c7e12a402d06ac0ac862ea604384b9747b8600a34e9e3aecba98ebfeaaf2c8a25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1a861b21032c4b909928b2fa9919525

SHA1
91f019e9348b212a3b8bc1afa5968f773c1721d0

SHA256
cdb913fa3f928a03f84ef772346829386572982fb58443318faeee2281da05a6

SHA512
6ab96368d7d9e11bbac5dd2a053fdc57931c2be42e2722b88fedf7f12297108870e56547788639ff6689a1205b886728301e9e51da613b4c5d28215ac889c602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7af3a206bfb5ea1ffedbc416ecbf791b

SHA1
c04e44c8415608f646591b5a8862ab5c3b69f3cb

SHA256
d19642011418707977f83fe7fdbd335664e6ce6c3de4c790168c116862c925b8

SHA512
f28b1fd4613e4328dd4feea5f1f02209a91ece31a4dfa89397726f3444dfa34c87fd8261fa3bf7fba43d902d34c25ebf314012c932619830c33ef33e450707fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
d8d85307ffc197da1d0544d0ab5f5d94

SHA1
169937672a25800f0b96af886a19a033c5f3f260

SHA256
e591a30a42724281c0e45af39ac3dd2a21cc50ac01268e0a2be21d519c3a50c3

SHA512
d512dc48c65370cb9f2007866517dbc0cf136d8e83b09e70b1bf73c83189b1a083cccb8a313e0f1251bed0f51e28160e0476a4813ee4f23f6a3f3499c3bbc0e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580ea1.TMP

Filesize
538B

MD5
0aea81ab30cf044508ab0f2596eded6f

SHA1
b01509ff384241662a1f00274f7a31fd3e44e28a

SHA256
b21576598907de9b8cebfbfea4a167fce4cd20966ebb44d194615131a4b46bed

SHA512
8aa1a144093828cf4144a481686ee749f30f47834e191aef55f3b6fd2b5f6fce1f993e84746d5ca993f8f11fb36583b0441b7502b40f340650411063bb91f4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12617bf06741619f12e775d1b836dce2

SHA1
413689e72585426572c992c1002d513f1c6aa999

SHA256
7a0c5039e1da6ddd665ed90b5c3580762efc5f27f7b7f71f0b5885d1d73c7bbb

SHA512
82a9974cc033519d175e7046a1f83df740683aa09eef13ac9e7f76da5a067650ce1820f2a5d7653db507b35812a0596cad2092f0c1a3aa1a17b0af7dbdc7f6b9

Download Submit