154048a24a475b7e3590cf6f61c5453780c84cd89126a35a2d21f13363d4532e

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a64ff7c5a98b7ef4aaac4ec8ada8bd1_JaffaCakes118.html
Size

69KB
MD5

7a64ff7c5a98b7ef4aaac4ec8ada8bd1
SHA1

64026e3fec3f04c7ba50a1f7c17bf3facc41c6c2
SHA256

154048a24a475b7e3590cf6f61c5453780c84cd89126a35a2d21f13363d4532e
SHA512

6c9fbf458f8055f7ad790569991d3db83c64a99689585a4b9288d0b4f267323c97159968d24c33f4d66485c63d76e1f9834cfce7b4bfd163f79d1be303117284
SSDEEP

1536:USO810mmF+dsu2bVLHnFfSdhqVvmg0GAUcLWJKKlt:UtRF+dsu2bVLHnFfSdhqJmgRAU0W8Klt

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2552	msedge.exe
2552	msedge.exe
4748	msedge.exe
4748	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe
4748	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4748 wrote to memory of 4232	4748	msedge.exe	82
PID 4748 wrote to memory of 4232	4748	msedge.exe	82
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 1108	4748	msedge.exe	83
PID 4748 wrote to memory of 2552	4748	msedge.exe	84
PID 4748 wrote to memory of 2552	4748	msedge.exe	84
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85
PID 4748 wrote to memory of 2776	4748	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7a64ff7c5a98b7ef4aaac4ec8ada8bd1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,9815340347014626875,17872742678837456950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3088 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\87c23e88-306e-4d4f-8628-2d2c210f4414.tmp

Filesize
5KB

MD5
68bc3be5db95b97f7f0993fcce1e86a6

SHA1
bde033ff6b54bfb39f32fa79b68e5151e2e69b35

SHA256
7e5faa3447e3deeb4a1d886f3760aa2c5fc2908367c10b52152e6e958b461cfa

SHA512
b0f218350bb85bdbf8aed6c57a6340f90c097366cb858c9c86993efa5468a26e070330cf6f5458b8e5c62b95c6bfae9de035b3c12045bd560205d65d9ad508e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
20KB

MD5
b6c8122025aff891940d1d5e1ab95fce

SHA1
a0c7ca41d0922d085c358f5dde81ae3e85a8c9c4

SHA256
9954c64c68000f615e5066bc255eced1195d1f8b7dbc715f9062ddf9f147e87e

SHA512
e62a37b55b6b8d95c24fb624105ff6ff72f118e31760d0da1e8df8e8acf627ec6327c26dfa26df8535585877604c7948d2f621ccabc39beec49787e22c302c10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
19d0bb6680dd8e843927b8be3bc4b952

SHA1
8550ee5a98cf0154917d6ee8780495a555d444a3

SHA256
6d00b51cd08c8deaa7c4acf6b829f5b31bd0a94ffcbeb7779fc0560e7ea4b1de

SHA512
f64f5a5230d01cbd0b73a07c67e3b5912933923e3e7211d18e9ac05bf7a6867e446d367a7e79b730ab6a2ee7f64b538385ef738302f06f8732a198542ad71161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cb095d3e51426bff7a9e795f43ede511

SHA1
ead2e6e0f254d7d63d34c99f6995fd4fb7471842

SHA256
85c053ae2c1657c9b3a86bb0bcf308250ac8ea2d41eb41e6b0f4f83b5c664073

SHA512
024c20a465268594d40218e68c3ad37b946e4e9193ffee5a5c47376004a1d7d9167230673219370b98f8a43cec67148043c2f8a7451342504fc26212390db545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0e72f4860ba8502b3e709c5339c03dff

SHA1
471c7cca442e12b33481abaae08716e45532d285

SHA256
8c1d8f061de91edc14625b082199bcb0d17538c564e01c60b0e57d9b13e3798f

SHA512
3cbe6c4af0bc585d7162c5c208fe4da1377b9a40d9a3e4769c94470d685aa2cfcaa20e96cc6d3e8c8b1f62039fa638dcd2a2e9e539a6aece24b73bb1a98ee2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3de46f374153a6b04505389dda3c458f

SHA1
fe2e57ce0c2a4383304b411d5a522dc8d7759702

SHA256
413e007ab015c68032db266f9296d7f4ab774118724c234cadba47e48e55f03c

SHA512
6156a53683eb259fe3baa8fa8a43eda4dacccae3bad4d0db0c3f00e34914a1515b926124640e5f6f39ef620565148083bb494137f11bc0d8253c2d0917d94961

Download Submit