33dc03a342264d1463a695d44beca864ce218cfe68f05ac255a9308f27c8073a

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 02:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5cd454513b4f18610724c91896d397d7_JaffaCakes118.html
Size

321KB
MD5

5cd454513b4f18610724c91896d397d7
SHA1

517955c474128dbca5556f863cbe785d6af03256
SHA256

33dc03a342264d1463a695d44beca864ce218cfe68f05ac255a9308f27c8073a
SHA512

fb8d3bb91d81d08fa7836877c9426b22cbb6d613ec00526d93f4155e6df445aef5355df57f360b86b3b7950f47552d2c8073fb65159ac68227b71ba0acbb26ed
SSDEEP

3072:cYc9KqESrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:c9s6z9VxLY7iAVLTBQJl/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
116	msedge.exe
116	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe
1316	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe
116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 116 wrote to memory of 3160	116	msedge.exe	83
PID 116 wrote to memory of 3160	116	msedge.exe	83
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 4820	116	msedge.exe	84
PID 116 wrote to memory of 1524	116	msedge.exe	85
PID 116 wrote to memory of 1524	116	msedge.exe	85
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86
PID 116 wrote to memory of 380	116	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5cd454513b4f18610724c91896d397d7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fe9b46f8,0x7ff8fe9b4708,0x7ff8fe9b4718
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,9244297513451558921,13333130735910709875,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
551B

MD5
f501bd1c64e146c71ee0501fae2ee320

SHA1
2c42b4f5c22e3c8b759c636e6809a710d23c19d5

SHA256
f69f234b7828922896cc810077313d6755c32169553b079bb874c230fde1644b

SHA512
e37e73f2b81b0157fd59847cd2ef3d003b6e55e3e01b1bff34a681bd0d9b99fa6d604d99aaf1f1a85c070612d80930a0685302c1b78b8d4e40e862f15af099e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a17bc07e22f2d949cce3239d7e17e26a

SHA1
75bcaf17463b2181e2d14e2742cc1977a7a11f1d

SHA256
ecb934aa6272383c65731e80af516593e1dff0f4b0a85f320ad2a57686258961

SHA512
c4e15e0a2eec6d7804e2c542ce4e876169e0140a146611cbe119d21a2c4192539ef56c74582da8da4cf442cb6d2aab64a70bc298f882c7b176a5cfaf6b2ca4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0013fbf2f3229992d49454802928d7b5

SHA1
afdcc0ab3d0bcd1c2441a45c899491e5bc3ccc9d

SHA256
0d83243ff07caa4aad4119bea9dfef6b655001ea1a437c1cc15e5c8b31d8d81b

SHA512
1e850117706fca70743a70a5662d0d41c3a99e06d0681ebdf6141f910ba6b6f337e6b68520f3276245a365d6d71ffb537e542ad26a4de1c0c02bd4f6bf678e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e7541deca8c7b2b39ed83af5adf67756

SHA1
e18aa3270f72a43ea1ab23c6668bd1b7dbc3efda

SHA256
39b90692bf863c309a94c57309c0bdea8cd5c4f12b1922c82fc6659b5ffd59e0

SHA512
691db20230dae39d091dce6a26b3e0cf8414b7c704c2616f3a4f880b48de24a01b150bfe11beab9d9a16a22d1044fa6d7199f5cc645e47ac3b4062f833010827

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8041b6a553cd1f2be6e8ac72d75e3180

SHA1
46482605058906df021710d6101c7a6fd730b30a

SHA256
ad827862c39d46e55179f6cb466306a367676c54962fe6bfc4bbc43213f52410

SHA512
7f002c9c987dced24e02d1a4482f5ff106321765c4694b1ac987c2f4ebc8cc03bf8acc5a0609343f9cc60339cee8cbdafa5d239ca915426c88f0dbc9658eabbf

Download Submit