0d9548603cd406a718395bd49a0f46fe88c09308435a6b3c257a849381bb7bca

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 05:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

663a8bf2cd5677f5eacf99e5c1f0b305_JaffaCakes118.html
Size

18KB
MD5

663a8bf2cd5677f5eacf99e5c1f0b305
SHA1

39a66b05222f5316e430d4ec48fb659d1e287f36
SHA256

0d9548603cd406a718395bd49a0f46fe88c09308435a6b3c257a849381bb7bca
SHA512

f7abdccfc2da69ff394195ab395a470e63cabfb97b632509fc71ac7f8da1f8a7e8fc8a1773ad1713ef21fc4f1e210ab2c0e080111db86c9859455415d06361b5
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIf4HzUnjBhtX82qDB8:SIMd0I5nO9HJsvtsxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3952	msedge.exe
3952	msedge.exe
772	msedge.exe
772	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe
4628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
772	msedge.exe
772	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe
772	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 772 wrote to memory of 1940	772	msedge.exe	83
PID 772 wrote to memory of 1940	772	msedge.exe	83
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 4316	772	msedge.exe	84
PID 772 wrote to memory of 3952	772	msedge.exe	85
PID 772 wrote to memory of 3952	772	msedge.exe	85
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86
PID 772 wrote to memory of 2476	772	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\663a8bf2cd5677f5eacf99e5c1f0b305_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff825a646f8,0x7ff825a64708,0x7ff825a64718
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4951506623261634848,8569563920481701500,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4951506623261634848,8569563920481701500,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4951506623261634848,8569563920481701500,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4951506623261634848,8569563920481701500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4951506623261634848,8569563920481701500,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4951506623261634848,8569563920481701500,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52e4ce1c-9d0e-4643-a654-d7716507c4c9.tmp

Filesize
6KB

MD5
a3c5ceeb7e4eb8aad9356e05e10ca30c

SHA1
51d1a8443c4422b4d9bd760ec535d12807af174b

SHA256
6f4f1225342f1c4701d24521bd641395409473b116b2ddc17f9f9823c3c86b45

SHA512
7f150e25c05c3d7742dc1e6d02c721cfef219013438f15c9fc44142b01ddcfe35b5533bbf7cf34d485f542bb93c9a45ee10938729f1bbbe513241a0a6f33f22b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
69e9f80269178aaf556925b63e2f4fe8

SHA1
774635301f1464c5db52ef90e3548aa1796dca26

SHA256
459df9900566e2ef330ff52e4780f53f54eb839c4863478055bc176b3d9ff713

SHA512
53fe43fe2c1bcdf6381ac71980858061d5786173caf5fe0f48691245c502a9ff62e544e538cb5889602a454fc3b291d5f95a7124c5dbf567cafeefb6c63c30af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e79ecc109b441eb7514d32aa06a14a9d

SHA1
6d709b183ea3cc96b534ba247860193ea5a20c6d

SHA256
d390c3cd9cdcdb0788c0c56acec077d1bce182a6885389cba645936b9c72d898

SHA512
425c7303fa32f2a2ce2b79f97d621996601d6d92d97be551648031c2cbef501aa5bfc75fc98c58133862463cdc627f28e76f1d6f55cfbb88cd80a64ef11c5126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
976e362ba6e64460cdb19191b03ffc7c

SHA1
b97d3cb3ea0b2fead95c2a89e1f1e37e724bbd9c

SHA256
1ea62b85104908c5480cc5cca51b1791c14b72d77bf06859033d0ee5579714d8

SHA512
c9883fcc6cb928e8824a2a981245f625075f03cae24bb5e46f368ee8cf82fda4f8ed4a09662407e47b9009aa5e44d45679cc73aded3751e9d8f9c420b5c8a47c

Download Submit