3b984e638bc5ead488d5331f03c4fbcda5312fdd0884a95fd44265ddc161ffe8

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 15:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5fe4bd6ab0e24533839fcf113a4b86ac_JaffaCakes118.html
Size

11KB
MD5

5fe4bd6ab0e24533839fcf113a4b86ac
SHA1

3b4846d482dec3bac7cfab572e5556a4e4481509
SHA256

3b984e638bc5ead488d5331f03c4fbcda5312fdd0884a95fd44265ddc161ffe8
SHA512

21179fb66213b29d431616dc00c088d83d183d3bbb4483e5fb8bdf1be88098e0d5824c5054cd8207e5a774ac8b31bc995855f527e119fd6956d01a01d0a118af
SSDEEP

192:6fIMM8bBIjdpys3hYhKfeUFhc/YXrXDXYEKqPluqhhghP8ObPaLo:6I1ZP33hWKfeGsYXrXDXFtPGhP8ObPaE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1576	msedge.exe
1576	msedge.exe
4724	msedge.exe
4724	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe
1112	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe
4724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4724 wrote to memory of 3396	4724	msedge.exe	84
PID 4724 wrote to memory of 3396	4724	msedge.exe	84
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 552	4724	msedge.exe	85
PID 4724 wrote to memory of 1576	4724	msedge.exe	86
PID 4724 wrote to memory of 1576	4724	msedge.exe	86
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87
PID 4724 wrote to memory of 2268	4724	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5fe4bd6ab0e24533839fcf113a4b86ac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10171740297365417934,1471994752825963036,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,10171740297365417934,1471994752825963036,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,10171740297365417934,1471994752825963036,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10171740297365417934,1471994752825963036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,10171740297365417934,1471994752825963036,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,10171740297365417934,1471994752825963036,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ee3f15f27648d1341fef775d2fd075b

SHA1
ee19b9ae83a337705237d75c7028a0e53358bbec

SHA256
0f0c7ed3e1c72c33f365748432ec991fa2c069b2bd7b850bab6d464fc141fcbe

SHA512
2b557dc6ca852a89b285a91ecea310ae8cac42568641a0de6bd68341ca7924174cbc6912c5b762fd82fa5d36d911ae87455d22a9e55492286dfc72814946c52e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d889e5f5ad46964f22191d429ead58b

SHA1
3f15d6983db0c03dce30411de9390ad761643418

SHA256
b19d06d09e1a348adb3f417cefd2feec15aa11550e8d259435d2e5fd3801aeba

SHA512
3f70dcf90e546b7bc68cc77066f272730e7982fe820d2eaf135984215033447d26da2622e205cd1b3d779de61119bde8b6e8d1b218a67ac89bd3ad25d713d13c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
990fcdde03c1d3f6ea09306d077b0e6c

SHA1
759df35df762bef7fb4ac2521012c080e3908b2f

SHA256
c4c6009c018dad51baaf2db7e184576444ff7deea0f6f4576bd1c03c05a82a48

SHA512
af871a15e074398c36b54953d83254c73baeb74219b5203283e0984b605ef5d35110fa5b8c1385496bb529c7bdceb3ce61abe4f61e9f6293981db8129c1e657d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6481a4d3d61f0dd8f8b562ce00df35dc

SHA1
08b903ea0be34108a8baf30594475a6a385de2b8

SHA256
1e7829324021d8fdb15bf544beae078be31d382b5249ce96e2d57f4bb66eb248

SHA512
171159d83ac218e69b23ef3ad7389d7938afb7508cac9c554b0924c32c523c2494c9c3fca5cb0452c5b5a0765d0f7084664142cd1c7a0cec9fd526e3e9150cdc

Download Submit