e478d5a990e3627ddca507f35fe7cf2198fe2cbb43486c7780b0fb45ad9c1ef3

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 03:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5d0c1acf801fb99c88b6b3f8f2b93a73_JaffaCakes118.html
Size

47KB
MD5

5d0c1acf801fb99c88b6b3f8f2b93a73
SHA1

a30a1b46e7faed4b1e2b2684e181bf8e5b4169da
SHA256

e478d5a990e3627ddca507f35fe7cf2198fe2cbb43486c7780b0fb45ad9c1ef3
SHA512

d2d78b5c2f69489aa1b4994323c3dd70ee193bbe553cb918f8ea7b788541306e734f994daf80878a97a1a94c8deeac006e65060a2c92969c0e1782212327cd13
SSDEEP

768:LEZFxr301rb8gb25Ev9A5g8l1DPaYSli9E2uk3pO/EwOf5VUcCFz0+OAALF/eRGt:LEZFxrE1rb8gbKg94pDCYSli9E233pO4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4484	msedge.exe
4484	msedge.exe
1236	msedge.exe
1236	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 4416	1236	msedge.exe	83
PID 1236 wrote to memory of 4416	1236	msedge.exe	83
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 3340	1236	msedge.exe	84
PID 1236 wrote to memory of 4484	1236	msedge.exe	85
PID 1236 wrote to memory of 4484	1236	msedge.exe	85
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86
PID 1236 wrote to memory of 3584	1236	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5d0c1acf801fb99c88b6b3f8f2b93a73_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb046546f8,0x7ffb04654708,0x7ffb04654718
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6159150801696542620,12368172372340679185,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,6159150801696542620,12368172372340679185,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,6159150801696542620,12368172372340679185,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6159150801696542620,12368172372340679185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,6159150801696542620,12368172372340679185,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,6159150801696542620,12368172372340679185,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1300 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\1ed224b9-0365-482d-ad23-4bddd02fc9d3.tmp

Filesize
967B

MD5
f09969aea8aefeb19294f8f4938f6c46

SHA1
550304edfeeda4cb4f0de6c8298f5d1c8a340028

SHA256
7a0192eef2d8c58617fc99684c3e6d21ba6b555ca8311453f8ce530461a4a707

SHA512
c0888785a71422f4527f894633d1e69b30a289578e4be1915f6b3036f3b995065fedf48347da9c62ce65bdafce5cf42bbf9dddc0c3c241262a7808b99493506b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4b5a217433b1db54f02e2c71fe0bf952

SHA1
ff43dfab7966badaae24e756ce65a3aaef336baa

SHA256
3f98b50719788125ea6139580fa3d08660c6ef236f860e7c583f629f2a13bf64

SHA512
48c4989869793082eec4506eaa6db25408b2c87819536cc2f1a85268f3c2e1cf006206db20def96fcf6e23571a75561f0ea7ca558df86faf7877c9416dfd9e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f463b1393d724529e2f5c649609f771

SHA1
d3e16c812a727c9e8386f05bbdb1c8fc581d5257

SHA256
e7256bf3e3ded2b2873855e9dd3248421887a07bad119c27419e24358632d278

SHA512
a62c179bf90d2709bbc1f269d743016897cad235d080342a07a61553ddf16dd19f1de122ba05426fa7d3db3c49c1a4936789c6b8bc427d13368b9038897d7736

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
539B

MD5
9ed52de3f17e101fab541ec14547a70a

SHA1
528fb7c78bf0a1724360780406c3cebb5d929a2c

SHA256
374d2cb8b2508ec16e92bd1d03d01770a4fbcb4df1152b97f5c2b4558d7c21b0

SHA512
43e290361d7385e346022988051c1d40689850f9bd750c8732f958c61394cbf3338d9a6ed4dfffd583ef2c66e5b9596c8ce2ff2ddb7d4d59374fcf707dd51f62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
aeb0065ae87a900b58636853e3ab843f

SHA1
32b1bb8afe4db4cd020afc6e108548e9d35990ea

SHA256
8de4c2c2ddc9d0e6ad15c8feb38a6e78a8978102778aa00b8fafe36bd116f6e8

SHA512
0b33cf17e410a1991aae5d7d8d1955283d5734ee392a8fbf88d5a7b2f416ca77d012416a903fb1bb2b6341be12cf31898c716f8a171425d8ba2fe4de85fe6d91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe578174.TMP

Filesize
539B

MD5
7a5ea4ec75a98a8dabb0e60b7511abcc

SHA1
4584167bd1007ef85a5ba4d3a03cda9df1a1eabf

SHA256
6aec35aae94ebe2422ea202e02f286b9f5a52e473907338d9bdb9e2d5786a323

SHA512
9e600f362939476432ec0e5ddfeeb1eba82eb27702b5bc27bc9c5da0e65f02b3ffd729aa9dfd9f986adf6295ffd64b6b0e732dda6aa308fdbed6229607bbc928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d133f69b-1b07-4205-b80e-e6842d8e249d.tmp

Filesize
6KB

MD5
e5160978347ade2299a49219e6dc2cf3

SHA1
2832beecb1222c70b74d94cce0f4561880943c3e

SHA256
d73467b379cbd86edaf66d677dc9bc5e58e67064ea8192ecd317d1cf44afcd4a

SHA512
0993f5eb33fea18c121d4de8ceb812461de2be96e493251a0a73fa7141f93c0577ae83939f3be37b45c8c1e16c76505e859c184fb10c014cf7c49311d01e6cf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
87f8d335895169745a79910ed512caf3

SHA1
3acf515fa0997a00f8ea29659874762e06a6a59f

SHA256
e5460f128c37b2cdb8d519df691c28eb744e0873d6419aecb47b65757523cd89

SHA512
af6c5055357e831ee13c882c14d1ddde97223d66a79c3e38f00c4a1f8b3176cec1e5afc8f25ea003255cfed293ec189a66f7db6d7570f1e59e9a148541f37318

Download Submit