b646801f59b46be1b82d8d46ba15241215977b8e6b5b7f29abfc4f0ff2bef7cd

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 17:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

79d52b3830650246c478ab76531bddb3_JaffaCakes118.html
Size

209KB
MD5

79d52b3830650246c478ab76531bddb3
SHA1

3a311020d5e325b867371ead8437dbfab9d33490
SHA256

b646801f59b46be1b82d8d46ba15241215977b8e6b5b7f29abfc4f0ff2bef7cd
SHA512

af2aa04295153f635043311bfd775e43ddb83ce234c3d30ed70edce230d761af361e4c8e3c44a930cb9f6c78fa8ec290c2a194f78d41e168c0e8fea5f310fde3
SSDEEP

3072:sXnHTC4UbCGvCu09s2o2skAieGw+u5nsB5HHjfYjrz0Dp9iM9mr6eV:sXnHTCzjvC38kAieGPB5HHjfu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4744	msedge.exe
4744	msedge.exe
4892	msedge.exe
4892	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe
4768	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe
4892	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 4088	4892	msedge.exe	83
PID 4892 wrote to memory of 4088	4892	msedge.exe	83
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4552	4892	msedge.exe	84
PID 4892 wrote to memory of 4744	4892	msedge.exe	85
PID 4892 wrote to memory of 4744	4892	msedge.exe	85
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86
PID 4892 wrote to memory of 1612	4892	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79d52b3830650246c478ab76531bddb3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb685f46f8,0x7ffb685f4708,0x7ffb685f4718
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13415827775658040611,12782749195394970458,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
b4bbeb1de9a196b8988adc71301580e4

SHA1
8f5792a44033fbe9f8ead93da0516da86f02bedc

SHA256
92b38966369fe5f01f04d73fd5bc130b45d1198f40ebb94a96343fc06ae39251

SHA512
84057b8db81653170c29655ed15885e8798f3d99cd13e70e8ecfb6e0c7b2a085574323ae57a81780ff3fe85b8d58c08df525df7e184658ce95d6a53c59062fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
9f842242ee8ccb77ca959d8147b8eabe

SHA1
cb982cdcce8f28a59056cb8b8c0de2bc63d79a2d

SHA256
32a62353f3a45a05a71ae0e69b58fba4df9bfdd750d49d0a464faf18b123f5dd

SHA512
d53302c9237c665c4f53551164504b807c3fea379cc85d4c40bcafc2ec4d0b4eb8114d46c3a5dedbddf8d07809f3c4f3263b4740e535a26c992f2904e21d2707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
11855f0891ffcf920680efb923b18d17

SHA1
0208e2c600817f99a6f04ea462ba4d93740d66f2

SHA256
b82195e76d7af676b02aacfb10aa813c085cac4c75d4880b7751ea57a37b63ef

SHA512
f053918208765a589ff4cba62f058e5b2e34bac79f3e80fe5424ca3445edc4e6288f4d087b9992d6aad2fd094f05f77853a05f0a56962f5f3094d9f7337949d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
190345b866775c248d050fbf5ddd3a64

SHA1
12e11e451491c595a634c8e50a1cb2fc1568fa41

SHA256
0074386e1fb9f039a0c458fd4b73bfa85241a78a14d5bd4ca761afe4987360c2

SHA512
e4fdd63d5bca864ee42d09eb3580f7562869cf182ce0d0b48d18d15eb6cc5cadd5c7a862c173794c97d336a873437ccba46a9f14c9d62010ceb62c454fffc34f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
181b2e3c74c408fccb8d2815a2d772d8

SHA1
1a5e8c53c9ffce62032baba5c80c8518a7e96ad7

SHA256
ff7355d25c0a623abe1f2031fa58585680717e87b55c20f3add6552b2b5e50ff

SHA512
9269f61229acfa27548a4d76e8cdc2317884a8f8789698d77e6b21b7b8daa7e74c8fc8e75ab00f6b286d38b28f1f0b8ffa7ad14072006035ef504be5df13335a

Download Submit