050308bd0c349687285cd011b210ddd9dd6c02bcd46893ce09322fbb0d62d5d3

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/05/2024, 14:56

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

5fb09ca6e2ee77513b024c580fca8523_JaffaCakes118.html
Size

124KB
MD5

5fb09ca6e2ee77513b024c580fca8523
SHA1

20726ca43ff7e7959111d1a8f6649ac7b211c9c1
SHA256

050308bd0c349687285cd011b210ddd9dd6c02bcd46893ce09322fbb0d62d5d3
SHA512

b809169c2cc6f8c7706d31b79ef411a0d8d849379d7df21595265e5b4ac475c90e527963d3b15e4de046aaac813a3c37ad9daa79ce088a0fb5ffe6f6ff8d2f96
SSDEEP

3072:m/xPvTKmE08Ety0wV0WSTIJVl4GJcfbJYKnseqM4tB3LSUE7Va81U1sTkromeMDm:7mE08EtyfVyMSGylApLSUE7Va81U1sTZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4080	msedge.exe
4080	msedge.exe
2948	msedge.exe
2948	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe
2948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 3212	2948	msedge.exe	82
PID 2948 wrote to memory of 3212	2948	msedge.exe	82
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 3152	2948	msedge.exe	83
PID 2948 wrote to memory of 4080	2948	msedge.exe	84
PID 2948 wrote to memory of 4080	2948	msedge.exe	84
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85
PID 2948 wrote to memory of 4964	2948	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\5fb09ca6e2ee77513b024c580fca8523_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe676e46f8,0x7ffe676e4708,0x7ffe676e4718
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2292 /prefetch:2
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1048 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1480390403746920715,11562927463814204491,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4296

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x42c
1⤵
PID:3624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
eb9a5198489279088997f06454107d6c

SHA1
995ffe2a0d8095a961ef25aea47e74b25360ae46

SHA256
3e69cba60d5314e85222e6a13879042c6f22d50ad107a436b197f796034bbc69

SHA512
11efacb0a61c3213e1ec71288da73ba3c3236a3b19be679886ec11150aa1fbc5a319dab00551a42c63441cd3e6152a4b0b8606bc13ac7158ae3be4ec8325dec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3a1636c83ebd8024bb450fb4153633c8

SHA1
e511f3127a0228b9cb6ac29ab21020bdc3e8f76e

SHA256
9689dc6cf7892044d34612b71e870d72f63126986b689483e1857a0252f635e1

SHA512
ed25fbb00f3a8c7a426275558b1296699e6753757fed4b6c73c81c1d49d2d4c16f5587cbe91266a8025abbccb18fa53e7899b35c37095c12590560405bbb4725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5a4f90777e6b8d440443e4dfdea60060

SHA1
f8ade98c92b7a923ef77459c78b548c041e2a72c

SHA256
a7ede0b9efa175026941d19e9a097eff72b7eed0638bfc7e3eb17bf9847fd841

SHA512
1ca7ac88a26fdb24f4de10af014f5ca91346a444f7298aca2189b3bd2ea953ad48ac0e21123b8690616c632535e400840899838330117464d4083dcdf219c7e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
36340412f3a41713996159a18445ef02

SHA1
e8e0e41605c814ef8704d4f39ccbc70eccc0b8a3

SHA256
40b2b7c6bc4b2863bd6c4b4eb4334b719c890caf324b1782052889f90c493e86

SHA512
dd27becbe726b1c5a1e61bd8fa461c0f45154ab37b52fe95567bad3817a3a2210ee0255ccdfb15ac8a1504b09ba7bac212480632decd25c1abfae735afec2f86

Download Submit