05d325034f48099e0473e37b7e49e4096f7f6bfcbab394a11e7da38835622f77

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 06:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a0d14547313b6672529c9d7e828a5c4_JaffaCakes118.html
Size

15KB
MD5

6a0d14547313b6672529c9d7e828a5c4
SHA1

37ddb99a62c83e3c9dbf053c529ea028c6d15b0e
SHA256

05d325034f48099e0473e37b7e49e4096f7f6bfcbab394a11e7da38835622f77
SHA512

533d8c98ccc3ad69c3e0d3c942aad53aba2a4bd6ba27942700e7d98a6a6a7f6f177987df5a0d17989237d9bbb3476f48889dfcd03784ba5e33c5684b2b0e059e
SSDEEP

384:SzHAe/o5DTBSH4PbrzXQuK/XUhIzkMLFIzucD5oWdCfu:S2VSH4Pb3KtBclCfu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1816	msedge.exe
1816	msedge.exe
3048	msedge.exe
3048	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe
2952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe
3048	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2892	3048	msedge.exe	85
PID 3048 wrote to memory of 2892	3048	msedge.exe	85
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 4856	3048	msedge.exe	86
PID 3048 wrote to memory of 1816	3048	msedge.exe	87
PID 3048 wrote to memory of 1816	3048	msedge.exe	87
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88
PID 3048 wrote to memory of 1444	3048	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6a0d14547313b6672529c9d7e828a5c4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc114846f8,0x7ffc11484708,0x7ffc11484718
  2⤵
  PID:2892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14637193296436430131,10410204071335132079,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,14637193296436430131,10410204071335132079,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,14637193296436430131,10410204071335132079,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14637193296436430131,10410204071335132079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,14637193296436430131,10410204071335132079,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,14637193296436430131,10410204071335132079,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0195afcfb252b481b2be90d706c7255

SHA1
6b24e1d08347b9ec94a1533d10761a628051fdf7

SHA256
8b669d045bacfd40c15b62a35353f7882eb4849e78a42282fd21029c4a7b7a3c

SHA512
78fcb658eedeb1d30e14845bc1c576715c4a1f42dccbb17fbd8ec0af621be68c88dae93a88a152df04768fa6a8f1d22b328e3dcf0c749067f5d58b8b0f9481d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d611eb229c8a6b915a1d7ee480702f4

SHA1
5f184fc2785bb55eb1b1d5c2018883ff89782ca9

SHA256
4749d9f69e7be8afe872740c8fe3fba80ed2de2866043a5631c1a623f0dc2753

SHA512
143b61bca2a57296c285bde04d3e667057a3d4b8fb2941cf9a7a6881b6432ec8f23bd5ae18b0daaf0f0511f91d28260e00d95e56f88bc3144604d5d1f2bd4390

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3c44a3e8efae25b40cf33512b2d389d

SHA1
3a246767ae7f40fe31ff416580fb16861f80c443

SHA256
eb0d352ca1205c9a5c6f03fad95974de4ea13925795cd0abb882cba2823fb539

SHA512
eed143ed29b0ee097b67e65e8ace7b9ceb39f65cd5c1b980208dba983b426b0374b63fdacaf4feb7bb40cb6eddbe145bf337748b9a3d266341875645b176681a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6dd896cd20e1108946f28392fdb0a2aa

SHA1
e0a287c37616eea4de11f00c854b65256bc57e35

SHA256
7cdaf3be3515f8b970244fc1d8fbd69fd222e136b0a12f1a4d9c9cb352b4d0f2

SHA512
2f702e00c87351456aeda206cf8dd07a7a0ba903cd3bb4ec22417324afe2662644f140a2c9a277d2f6e48ee3415e9f7f2d60e03752a4ceea38b2a22a1d254b55

Download Submit