d0a83806b4bcd295a8203563ed94820f5d11e12a3e7644fc5de9f94283c9a7d2

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6420544232128a92b5b7c319c6fdcfcf_JaffaCakes118.html
Size

87KB
MD5

6420544232128a92b5b7c319c6fdcfcf
SHA1

7837276db61e6e2a666737a30b078988b626557c
SHA256

d0a83806b4bcd295a8203563ed94820f5d11e12a3e7644fc5de9f94283c9a7d2
SHA512

e4ae0d88dae1dd567f5e6f5c5fcc06e6d10fe4aaa0c9c4b12b1a96932ab09a3c4fbd3f79d99b4242f289d75396a34cd036bde24179db02104f2ddfad7652f06f
SSDEEP

1536:qDJLRiy9GW5vST7Iio/Cpx50Adux38IeYAbjkSFZHpU8EWz1Fb+RXKX2sGZoKuXB:qVLRiy9B8ppx50R38IeYAMSFZJU8EWzf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2680	msedge.exe
2680	msedge.exe
2896	msedge.exe
2896	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe
4188	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe
2896	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 932	2896	msedge.exe	82
PID 2896 wrote to memory of 932	2896	msedge.exe	82
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 4560	2896	msedge.exe	84
PID 2896 wrote to memory of 2680	2896	msedge.exe	85
PID 2896 wrote to memory of 2680	2896	msedge.exe	85
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86
PID 2896 wrote to memory of 1484	2896	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6420544232128a92b5b7c319c6fdcfcf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe41846f8,0x7fffe4184708,0x7fffe4184718
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18278157099241884855,4917059581979571692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1988 /prefetch:2
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18278157099241884855,4917059581979571692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18278157099241884855,4917059581979571692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18278157099241884855,4917059581979571692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18278157099241884855,4917059581979571692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18278157099241884855,4917059581979571692,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5360 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4188

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
543B

MD5
6eb36db1297b5851940769eb7c5ead63

SHA1
84eeac508e5a500914aa9a61a04c1903fb312a17

SHA256
2df1b8045d6329b9bbfd4c115c54cce42acbc63da124b36047b882460e2fdfb9

SHA512
ee79ad749ccc44e8810d81a08256c4aaf0ab625f5e473806c1c1b0e04b68ce29e815ea3c1b118dcbe96099d1b25b2b0aaedf15d846552e572b828fda0e0ae95b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf80dd1af480a5206b001c56803f7949

SHA1
9b0c8fee4e84328845a981c4d4d54f0de44c2e09

SHA256
33be87a32a4cb1c7e1813e3b67fec8be1c0b08d2d1005c5d4d21b671411aa210

SHA512
50cfaead6d996cdea93631dd85b1021642920f4f68c6fec7a786aaf6670139d86de0adb126d34aa6f0ba350c373fbd794219323dcf2a0aa77461723b75eed9be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7493914ca831985cdad97cb4f31bd69b

SHA1
4cf3098f6cea5b6144f24b148298443f23d0fc68

SHA256
6875649568344fc50ccc137d1f877a8808e6a548dd8caaba9766cef3389000f3

SHA512
1561483ba2780def92234898a7719912332947f2e9f84dec84f40910928f8b4c34cf54f4a1416ec3c61101ab8de4290d1fe8da281d9d2ae3aa04f7a03179edf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3ba3dea3c70eee024211bfd84860b38c

SHA1
4ebe4f61017615dad2b5e3fea9b1495290b94b60

SHA256
32bcd5bd6b76dd8b878bdb234133ee5b96d984b88331e0c65673ef8efe46dfcf

SHA512
245a851520d5b2fa8816386297e7852eb149b499bf3f392e68cb21d623f2b4b45374ad3f8a31b43d80ee3e94672dcbb85dd9a2b5e8b1bbc9bbae91da439d9c98

Download Submit