78c3556b480b12d1654d26041e934f9ff6397b06fdd27e5b590fc17803901edd

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 04:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

620f73efedb536ce0683e26ab68d1664_JaffaCakes118.html
Size

21KB
MD5

620f73efedb536ce0683e26ab68d1664
SHA1

99ceeb5047152efa823c07a837e290c587a16d93
SHA256

78c3556b480b12d1654d26041e934f9ff6397b06fdd27e5b590fc17803901edd
SHA512

eb5cfc401f2c503428868643a14d184bbff1adaf301685d2564adea1aa3a032e3c9970976076bab739a1c9db08c4f0ecd5ed80c25205652de8691b9ba21c48d9
SSDEEP

384:SU+E2ubq/sLRs/MRJt3uu0/efOr/FAYpUNhucX1ISbPQISfZ5QboFmn5S:QEFG/MRYMRJt3z022r+XCZ5QboFmn5S

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4444	msedge.exe
4444	msedge.exe
1236	msedge.exe
1236	msedge.exe
3164	identity_helper.exe
3164	identity_helper.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1300	1236	msedge.exe	83
PID 1236 wrote to memory of 1300	1236	msedge.exe	83
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 2128	1236	msedge.exe	84
PID 1236 wrote to memory of 4444	1236	msedge.exe	85
PID 1236 wrote to memory of 4444	1236	msedge.exe	85
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86
PID 1236 wrote to memory of 4388	1236	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\620f73efedb536ce0683e26ab68d1664_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff824c446f8,0x7ff824c44708,0x7ff824c44718
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2424 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,17115963694821125175,773466773381164978,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3100 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
28fb15d7c09a36675d1de91cd8060136

SHA1
e559bf4976167a769eb95173f8ff60bd2268d45a

SHA256
057a2593dd64c74f19edb42ac92f1750ea8991b98d6379ced2812e90a9c3ff7f

SHA512
a314d4c22f3a42ddbaeaa756654e167fed352905541be140f032073c14b67607a3381df994ab0fac161c050b1d20f5b7e01c0ff08cd4de50e8c86c530ed39911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
5c1019a2fbbae64fc4028cb6454df74d

SHA1
d20fe68f9ce22bfa8c0b745a9766ece9609b58ea

SHA256
ff935fcbc416876bcd99dbdb408a834913432c5a18f17d8586f5301874ac6a75

SHA512
9eda61ceb453cf16e4aa8654fc73223f4c1c10fcbcc4459449fb4da3d21b452b7c81ca1a3f1a633c18d21894c3e902ea1ed1ab27a4ce2583c28b5ad0562ff48f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adca0491c262413f2b829d9fc855b36f

SHA1
d16b697fcb66e4f712f4f6f44036068a56880172

SHA256
716d973a524de96f42af1573896d69391169a372d49d1ad19a2af32548cc252a

SHA512
e9a7ab923c38ec83f060db3103f5c80de35cc7ea570bb177fc5d24e02572c6a0d74c921810c0e0d9b65cd578fa4a52b0c06c999dd7b2417f659f5266a67dd9a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1758817b194d2d9c4cdac176d67ab1a7

SHA1
d480f9cdc8dbb51d506b37bc5a4c6b515bb1f24f

SHA256
b5c14a030a3ce731ea20392d2aa6251f4e166b146e9ec1d1cd735e97fcdeca82

SHA512
b794240f850d8c1117dbb408f8b4530df724636fbf92a8b8f791ea52b6e47f349d61102d03ff3e4d12f4f9ca6f36fd8c70f86f03f7e19f07f00a02abb2a1ffac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1b82bbc1e38a5fdef833a2baa009f03b

SHA1
689b466d2338b51f99c4535adbf88e7b68467194

SHA256
25f12f2d249974d53e5d286395e445d057969e1f0f50d357ddbdb098c4a3a681

SHA512
47932b1dd0733343facba4497ae2d3ba17d68e493d94778eda35db30dad54f3a36226e16925327a776f8a282839cc5edbb5bcd39edb658349e9cd9ef8e3a72a4

Download Submit