d582008dd52ce3e266a1c34d480770157028ffc8adb1e814f4a25a05ffbb1db3

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 17:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79fbdb82ad943bc9dd29016e99552330_JaffaCakes118.html
Size

213KB
MD5

79fbdb82ad943bc9dd29016e99552330
SHA1

79a5ac9a2efd101e326970cc87ed8384b6282aa5
SHA256

d582008dd52ce3e266a1c34d480770157028ffc8adb1e814f4a25a05ffbb1db3
SHA512

511e98f3507e6a4ad8fa4fcedb3fd341a5394adf1c35a62d9755a65344069f0d987f7a6ea57e2fa2665f6bd4a4fff358c6f46b59e9a7a92f1687b6c5b8cbcb56
SSDEEP

3072:Snnjz8ObQFBwryfkMY+BES09JXAnyrZalI+YQ:Sn7DOsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4868	msedge.exe
4868	msedge.exe
1800	msedge.exe
1800	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe
2260	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe
1800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 3616	1800	msedge.exe	81
PID 1800 wrote to memory of 3616	1800	msedge.exe	81
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 3116	1800	msedge.exe	82
PID 1800 wrote to memory of 4868	1800	msedge.exe	83
PID 1800 wrote to memory of 4868	1800	msedge.exe	83
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84
PID 1800 wrote to memory of 4728	1800	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79fbdb82ad943bc9dd29016e99552330_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7678314441166354979,9613299413512867683,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,7678314441166354979,9613299413512867683,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,7678314441166354979,9613299413512867683,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7678314441166354979,9613299413512867683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,7678314441166354979,9613299413512867683,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,7678314441166354979,9613299413512867683,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
db3b6fed91423b91d96841c440f79fb4

SHA1
c6330f144558669794deb1f19aaa0f4d4a1124ae

SHA256
c1883951312ecb82dc4a8d02aff67b63611ddd5d7c136a7bd6cc189bff170546

SHA512
d2fa0de42bcd0e13eb720fa0b2cfe36cb51ed89b8d9b636220c11c00be6ef5c0cc0b069f8d8e6aaa750356f512815d694ef2635c98f5ca58a4a4db9d38302178

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b18ac2d67017c2f8b1481bae5efe3b99

SHA1
37a845b2f42fcaec48e384195ed5e3c3b2f099c2

SHA256
a96381502370387e42815de7891b2f94069be77f0fe64185ed18741536fbcba1

SHA512
2311d966a70306b5af1fb9e69d22f0769ba814dbb59d9193fb2e3264d94ce0987187180409bd518bcac4fd109092ea44bdc64afcd813335ce5aec99c3381c56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e411f9775877f2fbbf7d079347df3390

SHA1
3f06849ceb2478ca2a9ec9325dba91abef6edc7a

SHA256
027c6b97088fff8aa051bb672e9f1c164f8e6af4f94d616106e56b5befb24d5b

SHA512
289f7e3ce02f4e17a3589594118d11e76e997e8110682c86a7ac24a1118f38ef1e1f6a22550a81d42e6229cce87733a9318452c26628144b9691dfb7c1771f23

Download Submit