13e4448e711c5ed2069a7e1c590c8b3d6492e5438f9dafbdecd96bb6a76f2bc0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 15:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

63d500cc37bdc02b2780206f073b4e64_JaffaCakes118.html
Size

18KB
MD5

63d500cc37bdc02b2780206f073b4e64
SHA1

334e616f63fd3b0da3b2bced7c8071aee6eeaf93
SHA256

13e4448e711c5ed2069a7e1c590c8b3d6492e5438f9dafbdecd96bb6a76f2bc0
SHA512

4126c8ff861d6f07b2a6117ee1abce45e81a6f06431d82b12572194bd7eed45e62947297d663fbe6b148c8161324b42dbad268676d07df8bfbbbfeb2ff90c557
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIaqu6qT4PEU0sqh2XEzUnjBh3Mf+82qDB8:SIMd0I5nvHLsv81xDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1408	msedge.exe
1408	msedge.exe
3452	msedge.exe
3452	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe
3452	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 4784	3452	msedge.exe	82
PID 3452 wrote to memory of 4784	3452	msedge.exe	82
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 2456	3452	msedge.exe	83
PID 3452 wrote to memory of 1408	3452	msedge.exe	84
PID 3452 wrote to memory of 1408	3452	msedge.exe	84
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85
PID 3452 wrote to memory of 252	3452	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\63d500cc37bdc02b2780206f073b4e64_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14353585052558009551,15065047622987767197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14353585052558009551,15065047622987767197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14353585052558009551,15065047622987767197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14353585052558009551,15065047622987767197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14353585052558009551,15065047622987767197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14353585052558009551,15065047622987767197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b0d34a82357835ccd6d084d21986b43

SHA1
1e0dd458a02f99066c86d323a0cd876642ad3d12

SHA256
f291cf1ff17913e8ed4a00979564dd507a9515aec4d57d5307653706f0b50db1

SHA512
1aacc93b144014e04ce8db1556843564b0feb8697822730a12972cad629b4ffd052f496e055d492418ea232ccdf905e45f7fefa2c9aeda426c9879f212e28ab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f764dc85a3d529e30329ad19de3b4848

SHA1
23b267b77e3f789fb56dcaea98edf7702c69490e

SHA256
3db5b58755eb1c098e3e9d15c38425c9f4b0625a09be88bbf5e024d86e1dfbc9

SHA512
c2c7ae099a4dbe9b7bd732285a516e351a8874bf1d8d495db9e376801af67ce28b1f65d7ad9eae898908167acbb5cd85d4b57691ce925f67f36d102e38eba8ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5ece418e17e7369806347cdb5cf48896

SHA1
7690b5ffbb2f52f1592f573856cec2d90d0c5d63

SHA256
090fda083df4014ff75b4d237527ef8c3e0db6949d94634c499f8611cde32228

SHA512
65e3c34239dd7a618cad96476290804c935fc558280047f74cebeaaf1e3095070e4625fee314d296ea333d280268cb5fe724881099e02c907e2fc5f32c9c14ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
34e8ce7ef0f9dd0977ab16c25daad332

SHA1
1eedd4e57afd898d7adb0d6d352f7b26ecd5ae08

SHA256
76e248ac5bcee089a26c7566946b02f7792165cea1cba15617f43b2879a0403b

SHA512
c61be1315c2c75528cc62642dd2797a92061e9ad14c54ae49b41101e9f3cf566e20ba3d5300aa68acf7aeb87c66519c52fe2de36b8f7e3296eaa89a5cb2931ea

Download Submit