170ff88c640929efc6dc3b6f92430d6bbc7f7861992dd11960de3ccf341baf9b

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 08:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7165d97d608e654572f81cadb484e51f_JaffaCakes118.html
Size

19KB
MD5

7165d97d608e654572f81cadb484e51f
SHA1

bce4a1993a02b158db8ebdefcb8f043e556cd60e
SHA256

170ff88c640929efc6dc3b6f92430d6bbc7f7861992dd11960de3ccf341baf9b
SHA512

624c5dfca6ae1b386255700c6cbd5fc6aed81f78436aa06f7e8438d2d00256e12884ef029a20ef0c5b77c838a07cd61cb2ec14ec4c0843ebfba94e8ac65904ba
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI34tzUnjBhPh82qDB8:SIMd0I5nvH1svPqxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1948	msedge.exe
1948	msedge.exe
1488	msedge.exe
1488	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe
632	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe
1488	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1488 wrote to memory of 444	1488	msedge.exe	82
PID 1488 wrote to memory of 444	1488	msedge.exe	82
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1980	1488	msedge.exe	83
PID 1488 wrote to memory of 1948	1488	msedge.exe	84
PID 1488 wrote to memory of 1948	1488	msedge.exe	84
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85
PID 1488 wrote to memory of 4220	1488	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7165d97d608e654572f81cadb484e51f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd0746f8,0x7ff8fd074708,0x7ff8fd074718
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13423811501575635206,18141987075067701348,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13423811501575635206,18141987075067701348,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,13423811501575635206,18141987075067701348,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3056 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13423811501575635206,18141987075067701348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,13423811501575635206,18141987075067701348,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13423811501575635206,18141987075067701348,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2f4b655c459647b2abbeacc1b7f4626b

SHA1
ca77048a67ed809539222344174becc58cf795b2

SHA256
4fc7b4adbb12019d425568eb2deb51410ba4e21349daccf2d0c0ea712ebee811

SHA512
ef38daadbb7ff90bf716361e6204e31d2c5a71a92dcad1e626b418763e0cc853ddd1dc6842531606d03a41de47ac318b19f451fc07b7f624a91af972b7d92e57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6fe12606d50eb25e28d51eb9d9168765

SHA1
3f8e22f1007c1ad448fb0e6ce4805631be50876e

SHA256
144a67c1742eec9f3527a834080f5f23d7aaa146aca2506c64f21e01e699cab1

SHA512
6ecd7fc6de7527b3456b1a472b50afb3cf4a35e5b021f6672eaa16799a3770c5a17bed73316e285344d3bf66f499ff19e0ab406e45dae84056d8ad27725ec7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5187f3284c4e380ed7de8992639efeff

SHA1
42ac3e99bf1530d97eec7dfeddb0741c36412d16

SHA256
9c0764a174ebc1e18397a9b81baf693c25901ff89bf55125ef3ca3e1fd204546

SHA512
785b1eac849b418e31ce5f122a8d8b60fa3f490318f0184869d29570235fb3da2d347ecbc53fba145faa8c8c07cd2bc2d549528159c0b55eea06fb358d227552

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fdf91c187ad1ea790bfea4f8d681b80f

SHA1
4bbe9bedc7e7e667900d798d39611baf6a984108

SHA256
0fc5720f5d187c6f7055564f16df76ce348926850eb78cd82b6e90913b9410ee

SHA512
b58a8025c0164fa68b1423b0ebf1832728bde67713143909a21360451ce29bb49f31fe6a5bf444c4d27fb3938135bc3d86c16d8162c10b4fb77ea597d0eec7c1

Download Submit