532892fa14d810da862fb8eb4a0fcd3c0bf57e02b2b27c09a0c7922db29fb803

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 17:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

79e007687f3f0e89080a8902d1376276_JaffaCakes118.html
Size

102KB
MD5

79e007687f3f0e89080a8902d1376276
SHA1

3efe5811a61d731ab7bd293ffe22cbf45f77b687
SHA256

532892fa14d810da862fb8eb4a0fcd3c0bf57e02b2b27c09a0c7922db29fb803
SHA512

03b842558068f4dc964884d584b94161c1c53ffa443024e3a4689c01ee9f85654508e9649d6df9095ec7722a6fbb3b6ff268903bff94181ac2230ab3bf72d57e
SSDEEP

1536:EWOMp0qUE8wG3uou4v4ACeskaPJSQDHpXvBeQ:ECPz8wGBZCeL/QDHpXvBeQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3756	msedge.exe
3756	msedge.exe
3064	msedge.exe
3064	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe
1508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe
3064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1512	3064	msedge.exe	81
PID 3064 wrote to memory of 1512	3064	msedge.exe	81
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 2312	3064	msedge.exe	82
PID 3064 wrote to memory of 3756	3064	msedge.exe	83
PID 3064 wrote to memory of 3756	3064	msedge.exe	83
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84
PID 3064 wrote to memory of 2376	3064	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79e007687f3f0e89080a8902d1376276_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc8f746f8,0x7fffc8f74708,0x7fffc8f74718
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,13207292905348241961,2198992437875663162,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\108e1cf0-1765-4bc6-9348-63674b5f0282.tmp

Filesize
6KB

MD5
622795108ff3215173b096749327cf1a

SHA1
93bb1078c6520d0314728dd5c2e4e5232ca2da05

SHA256
f60c089bd5def3ed4a456514b91664134042641307cba17e2107fa6900a80c98

SHA512
bcb01449225c370f6f057c85e9770ae5dc262348c78bdf37414b82b0f9115ab6e014dc6978d934e3ae10e165e620a415618329b669efcec38d59e8701d02d507

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6ec53a4517ddd80770b39596abb73f03

SHA1
54c3c01d274328c6c64abc0149e69dc9d6bc8978

SHA256
a41074949f532ef66c9dd92636170a38a06f0e3ca5571e8442ccdebe308cda37

SHA512
16dfb3c869d7e985a23c3ee9300507dab9720bb65b12d1e7b3e04551716ea238df0ae8a38a70abed276f47145d3043e53441291e6605f8a4a5447f798754f98a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c68e77cbcf82ec21c86e79721d3048ab

SHA1
3b83861b66bf0077d3fabb424fefc9b33312dee4

SHA256
c7601b43b579789cf49eaea5d592f3fbde831bacd82224641484facbf30cef46

SHA512
8c41483b1c25ff8ada00756e249cb311a2b5c50164f91fc7360af051b7ed82d084fbe51479b467e0e39d4b08bbcca6e36c99d02f1a86bffc6486c9dde4b990ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c771f766f650d557e3e4ab6aedea43eb

SHA1
30c5be527905129bf4f0432fec6ea968d6f8f407

SHA256
4e5d77406be642f72d1e18865ec6daeb8529d25da49c4cc87bf1e33e2a25ac26

SHA512
43d75154d32d1a229a82f6ca592b7a89790b49d77c8fe2e6944742910b92b6245c968ecf804509bad05be02b6107760f05f8d5359ee4237402aa94d653272342

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7c9187fca7e896c7de8d7cb20c8bc3a

SHA1
c3c97d43c3896c38e63f7187f68c31f3bc3ad522

SHA256
eeb341d59fabd778d717ec03da7d84f7f2fcbb0bebec8dee963d0b22b63e21b8

SHA512
5db58624af34390378be658498c9d3c7f9a1a188374d97c41380f3005ef27802264f899b7d629a5e807df97bb6f6a0fd020e464aaedd2b4d597fbe352b67b1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bb5c3a4f18ffae75546254e26eeaf699

SHA1
3bdd45e7c456caa5f753216c6b7afd2550c75cde

SHA256
efbbfb4f5eab0a10c7f12590ccba25b18e3fb464678fc735c523b78324c22319

SHA512
2b74687c649065cc0331bd38318746b2079f7247f4e39ee6bf291fe87f78f29acc8b83ec86f4de9e6f36a1ab15686eff836dd5ad2144fa0b18366da4eb4256be

Download Submit