dc412c7fbc6dfb34d6a03b6f274fc78cc32bef1561b91ce6373b7f703b82caf7

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 22:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7374e80db317e0d319ac531472c1782e_JaffaCakes118.html
Size

108KB
MD5

7374e80db317e0d319ac531472c1782e
SHA1

96a80ed2a646837bdb28f2a41522777d2827edc2
SHA256

dc412c7fbc6dfb34d6a03b6f274fc78cc32bef1561b91ce6373b7f703b82caf7
SHA512

8d51e9b9e538f83ea79ac860a1555ec8ecab879d82f7abfd92f4b749514df9fc9255e24a146a0e5ec058f1c81dcb9a4106b7de52a9d5d03ed9f750b8c12c30df
SSDEEP

3072:D8oHTMPRZs2LfGwpGzzt8aNidEMTRWxLeOD:IoHTafGwpGvt8aNidW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3284	msedge.exe
3284	msedge.exe
320	msedge.exe
320	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe
1400	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe
320	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 320 wrote to memory of 4480	320	msedge.exe	84
PID 320 wrote to memory of 4480	320	msedge.exe	84
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 4688	320	msedge.exe	85
PID 320 wrote to memory of 3284	320	msedge.exe	86
PID 320 wrote to memory of 3284	320	msedge.exe	86
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87
PID 320 wrote to memory of 648	320	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7374e80db317e0d319ac531472c1782e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8517946f8,0x7ff851794708,0x7ff851794718
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,6548891393699072158,13150513627584940912,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
e155136cb49f0c92d25b0bc97c9c51f3

SHA1
a4d43f00b21214395f13859a43729d7824aa0e56

SHA256
27a4dbfef17682eea5a248eea1e1cb1ccf1fcc7a8576312cc921ed6d9dbb4d00

SHA512
3d43363fd41e7c2449bf2864288e2a7a531ed7366dd7ab1d8ff0a75c1240850cb5087ee8aaaac04ecf5d92e35806503d43c7936c5a89c1e5c094c0ade4ac9187

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fe8bf2e76e7265a421cdd8e513b611f4

SHA1
5e58557f8510f4c47309dc3e508586fad98b1845

SHA256
f3c18d1864937864c7b4fedbddee239864faa84546e1dec8d1fcf7ccf946f99b

SHA512
fdbd650e547fe2df69145f743f87b57c6379497a553a1e213d11ec5baa324f97987cea4c7c7ad5f629c9d9ef223d57f18231ebb584c49279492e3fd42a75aa05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
acd3116a2fcba67822a16b918ca7b559

SHA1
a73f10446893be5794b455da45b1a823c0464774

SHA256
2f0a6d281e4b93546af56c050fbd21700d0faf4abd64b153d2e529eccbf16bf5

SHA512
7d7729ed415252aaba88f97acc7b60cc95b960cf0540a2160ee7dfd010585064c5afee452f7beac5e530b3fa3cec53af0bf38c4c0423658d2efae475007e3a3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7b6be7e0bf436c9babc3f52bfdfa05e9

SHA1
259d95369304dedb3baf6cb484910ff46d93c72a

SHA256
18ed8d7f96a36be15ccf247d24db37c42d906d42ba26e17562bd114602893b82

SHA512
f08a54ce249cf886592551a6f0e54edaaa57d616541b10b9d78dbb4e7947b4e2e427e235df9d01f6a826669ce19b39ee41722cd9106c4b6b97bd07a3f1b09b47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f71c90281cab4e0e31a899385aa10c21

SHA1
f08484d47d5331e614becd142e30c5a6f79558bc

SHA256
48771c1160fc603251f1d319a638bbc0d767bd98a71af42fa917a0a4654d10ae

SHA512
d42115dee357c1932f512c6688878fadb9049bcd1bc4c3d4acaa69349b264424c56450485e2fb2af8d0f0e0d51df6ca99876034180a0767a161618ebf8aeea81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bae6237cc479d485bbf13f506e50db76

SHA1
8f1dfdb23ac0ce81214e53a85dacc33f5ecc0303

SHA256
80d369fbbd17e765dc44890018e30b0045a6054140f8121c3b2f2c7942e8430f

SHA512
228b2eb6c27ef3218f5ea5e6260323db663fb5016599f70b8791b53c9493aa030b1f49753d8a8b9c824402b181c45f2efb70ca37a9780a039ded7d3685719271

Download Submit