56e4fcf76b271f3a6a40a1c0ab180a9efe1b3d3aedb7100190fc3198e1eeedc3

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 05:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5d5f8eb2bfe28ca663296c54acc55694_JaffaCakes118.html
Size

18KB
MD5

5d5f8eb2bfe28ca663296c54acc55694
SHA1

2152cfb1fbf59acccba985b53d82b96b1b70c7a1
SHA256

56e4fcf76b271f3a6a40a1c0ab180a9efe1b3d3aedb7100190fc3198e1eeedc3
SHA512

4f8b6114e03c1a03c7c57487670fc189c0d68f197cb5fc1167385bd6824706dcc90abcd6624cc106b3da4c19ef9133b72f61c75e8bb1bf7e333a53da15d7774e
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIk4AzUnjBhMW82qDB8:SIMd0I5nvHtsvMVxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2180	msedge.exe
2180	msedge.exe
740	msedge.exe
740	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe
3024	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
740	msedge.exe
740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe
740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 740 wrote to memory of 3660	740	msedge.exe	82
PID 740 wrote to memory of 3660	740	msedge.exe	82
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 4100	740	msedge.exe	83
PID 740 wrote to memory of 2180	740	msedge.exe	84
PID 740 wrote to memory of 2180	740	msedge.exe	84
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85
PID 740 wrote to memory of 2828	740	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5d5f8eb2bfe28ca663296c54acc55694_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee01646f8,0x7ffee0164708,0x7ffee0164718
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8596599579447042214,5654117068452860278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,8596599579447042214,5654117068452860278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,8596599579447042214,5654117068452860278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8596599579447042214,5654117068452860278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,8596599579447042214,5654117068452860278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,8596599579447042214,5654117068452860278,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4788

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca2082a2bf78352c2e1b7aba94fd70fe

SHA1
2bbd3b8ed8062d188e3d4610bb378eda285a633b

SHA256
498096ae7d65d11c4e29266509b191fb9511d0fc514c3729b4ea76b365cc3149

SHA512
16fc5f4e9010afd25f0b2de7492ab2db669167f659975f9f468a91a95a4a8920a0d585e372aab46e8c532a0398947432eda5a96de0f058c38336f212466ff69c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
10fa2c3358a540a54a782974e755d8a5

SHA1
3d9044f8e5079d521b770cbacbdba100531dcb46

SHA256
914b8984f3257dee378a9416ab1169bc8cb765f62eb50e55d95804462065e448

SHA512
435735dbd5b07eed5080f4d62f9ba94757a92a307477b25a10d5bbd3451c2673c57e998b6ae717beb107e50958bb3db464bb45545c6fa7f13adb7bc1272e1797

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4f369bb78a25c215890f561ffaa510f6

SHA1
a550b16ed0b8815c00686b1e4198c6b881448332

SHA256
34b3f362aa0e8fa54ebffcdfcee52f3c40f1e11ec4f98cc9396851b247c6ab74

SHA512
daaf91f20114a0e59bedfcd1fa6c5cb4fe95732b453abecaac489f276462ae00d55484f50fff4a2396e4c080afc4437d4f0566caa585c9beeacfd99752933d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
93035237d98dab0c970bbfa66d3b311d

SHA1
a374acf4833d7da000db7ed2be7cc9d42da156fd

SHA256
1868449a5311c6af9af4e530a27f4ce83ce3826cfaf3d1710a45080ed4723de4

SHA512
cae74c09b3818aa1445941f21a72b0ff247ac458f99502fb6404d9a559cc46343b7e791c21621850ef675cc098456fd44fa9462cd573fba52f826feee2b7231b

Download Submit