5a43e4373bb74132f3e6055a9a0bef4f975c76ee1ecd6e5bc4676f3597820f3c

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html
Size

138KB
MD5

67e1a81b2f7601bee9d9ee24be933fca
SHA1

776ad7728c7d8d405032bba8e512ca312c4ea700
SHA256

5a43e4373bb74132f3e6055a9a0bef4f975c76ee1ecd6e5bc4676f3597820f3c
SHA512

b606a82feba999091bded343a576ccfeea843a5a98989b350f690619666805ad8dfdac75159937d2731bdb5af4f8445ba680ddd461969c394a8656b44879f8b6
SSDEEP

3072:SeA0gtw8EiudSZ5l7z5wP2BtraK1+Oh0bfuKTSEs:SB0gBJrbMbXTSx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2852	msedge.exe
2852	msedge.exe
1992	msedge.exe
1992	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe
1992	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 4200	1992	msedge.exe	83
PID 1992 wrote to memory of 4200	1992	msedge.exe	83
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2020	1992	msedge.exe	84
PID 1992 wrote to memory of 2852	1992	msedge.exe	85
PID 1992 wrote to memory of 2852	1992	msedge.exe	85
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86
PID 1992 wrote to memory of 3572	1992	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\67e1a81b2f7601bee9d9ee24be933fca_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef95246f8,0x7ffef9524708,0x7ffef9524718
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,14289002244226313549,9356379456912683246,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1344

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
eb4a9caef2fc106e7c000ae87e989aa1

SHA1
023fbf627d912cb3113e11a0532f3027471cd90c

SHA256
b00bbde96f0041d6baced9f07259ae12db35c727725dcaf8e99daefc255645f2

SHA512
e80a3d75a7431269764882ac8c921a3de1ac17d1fe9fcc9f67f4c998262d47fed4eea03ff08000e21bcec6cf568fd7cf6f326c6d720cd30ae8096decbc6422ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9f0c36d9df94908ad376618b1f9cae52

SHA1
f2dd7734aa8034157b4499700f1bcd3043c1287e

SHA256
584a7d9f710695897c1d571f0097ecef482d6483dfaee015695c8f63d780ce45

SHA512
0c17ab9160b6606aac576914adf068b0179f9275abd77485070c2b5881d161fb017ba31930ee89dc0bcc9dbc1ce37d17d5e3951ff2e581fb1679b105dbb6c6d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7b31d9d24628258e18b897f03acd4de9

SHA1
579fc0f21a6756c4bdaed538e3e4e531dff754a6

SHA256
2420af7d6b8990cefd62cc723ece880be5dbbe101dafdefdb4dc29b18cfc4c5c

SHA512
e591898324818fccf2b6d7c57828e7ce096a5e70d8bec4e2dddfd35cc4132d1b434540bf10387ed5d2aa50734b79ee36225ef1060259484a3a697eedbadb9acd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aba08f8ea057b4ee57c071bdafcdf9c5

SHA1
5e270c0db75bff99b0b06aa987ef75501af2d102

SHA256
61b9653c442fad96c527e19122fc65142e50fceba67cd0694bfface5be453aee

SHA512
6702e1b1267cbb88b96c30c11174e4b53951bdbc731f48adcf7db1f09da490a91c8c707263d6266e73f5dfc2ae6910fb1e0b6e585dbcf5f25b550a9c48e86d0a

Download Submit