c34afdb993305a8186b015cac308e0e3024ee50f71b3fa3154f22233d2266d77

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

719edebb74e081315f3029e3a29c8200_JaffaCakes118.html
Size

18KB
MD5

719edebb74e081315f3029e3a29c8200
SHA1

d4decfffc7dc4a2590249014c18ea4da8ff98258
SHA256

c34afdb993305a8186b015cac308e0e3024ee50f71b3fa3154f22233d2266d77
SHA512

82528006bc4e24e36257df10576ba13db52b1343b7409e8a591a38dfc4d508e90e52801b0b73a6b8e731404d2fdc35193b147563c1e5fa66a311d74b7451e86e
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoA8c4HzUnjBhZz82qDB8:SIMd0I5nvHksvZoxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5024	msedge.exe
5024	msedge.exe
2552	msedge.exe
2552	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe
4852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe
2552	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2552 wrote to memory of 3728	2552	msedge.exe	83
PID 2552 wrote to memory of 3728	2552	msedge.exe	83
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 6112	2552	msedge.exe	84
PID 2552 wrote to memory of 5024	2552	msedge.exe	85
PID 2552 wrote to memory of 5024	2552	msedge.exe	85
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86
PID 2552 wrote to memory of 3780	2552	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\719edebb74e081315f3029e3a29c8200_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9a54046f8,0x7ff9a5404708,0x7ff9a5404718
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6304682075553094973,18217849192474368637,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6304682075553094973,18217849192474368637,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6304682075553094973,18217849192474368637,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6304682075553094973,18217849192474368637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6304682075553094973,18217849192474368637,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6304682075553094973,18217849192474368637,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93b42064d1c47c1fe7f820ff006be830

SHA1
b4bc32d432ba4f465d7d7c431cf74f2811d3388b

SHA256
38196f937eaa18bcda9d8f997e208d3b5b50eaadc28526664172f9d795bf50ef

SHA512
36be4ed26e5ebcdce1037e2cbb314259ff0328e85ed3345b262acf6a1974fdaedf1708772e2de8ece2fccacc30e0f047fa09b230ce8bfbf442e2f6f0725d3ec1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c24066f7b6c2a7dea38c02fc177316ce

SHA1
47eea9916eab419ec6cda797fd1808e51bd02618

SHA256
02eea4aa406b92bc7d04be2df09fc5371568a1578bd74a3471923e1ec3fb3dac

SHA512
e7e530cba20aea94d2fe2b1d61b36f35754a2c378e550511c951e788ec8e80ce12f1b0bcc7d6e946613df7d83f7a54e3deacafb3dd5c98d6e48a3af8e0d8919a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c0c80b81157fd2937b32f1eb725ec411

SHA1
52d3cf9c172b9f7ee6c7551d3bfaa867df0c36b4

SHA256
8f0f098ebe7fb9dfd0b87a9a589b51b9e296e8b4da0624f8d02db8bc212c0ad8

SHA512
6c06af459efd5c9e5b0a4e7f971ec84d9f3223753f85a09ce8e4478ef30ee7f95c4a7bb870eb10f06cc08652b472894a37ff1254accfecbd126d4e95290d5e60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e41c1b8191dc97a7dc5f6e887f0aeef6

SHA1
0f8fc70b55f73768ad61506ac7bcae78d5471291

SHA256
08636ee67c35906598a4f56792f79bb339275ad57185d5191b67f0ba17a04c12

SHA512
071c86dd6d7e186674f4bd482ed604e7b4207e22d33b017a8c52bc8a6396dd38cdd3d464187bf1cb0bf43cf513fe6166bb15b2403f7f0a95f7df72b877ae9fc8

Download Submit