1e75de4ba0b8f66acb6aeff3d02d41e34c8e0b77fb536c2e1ff06bb85618fd7f

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 13:30

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

7d203d2226fd0b8041781948abc0f896_JaffaCakes118.html
Size

51KB
MD5

7d203d2226fd0b8041781948abc0f896
SHA1

23f06f931dabcdfb9f17d936f34b083f1b3b0eeb
SHA256

1e75de4ba0b8f66acb6aeff3d02d41e34c8e0b77fb536c2e1ff06bb85618fd7f
SHA512

8059151ff257b4b661e89e00b6a8b5ff00fc54111dc9d0d72e23b0365b13b3150049fa685f07c214d337e6ddd7ead22c1cafdebcf022864680631208b1ccbb91
SSDEEP

768:tqH5Ki8wVB3njXX4QzkEqEBzNJlUKQNYA7A1q/AlZKq:teKi8wVxXX4Qzjzvr67Togq

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4904	msedge.exe
4904	msedge.exe
4588	msedge.exe
4588	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe
4588	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4588 wrote to memory of 4708	4588	msedge.exe	84
PID 4588 wrote to memory of 4708	4588	msedge.exe	84
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4508	4588	msedge.exe	85
PID 4588 wrote to memory of 4904	4588	msedge.exe	86
PID 4588 wrote to memory of 4904	4588	msedge.exe	86
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87
PID 4588 wrote to memory of 4972	4588	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7d203d2226fd0b8041781948abc0f896_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa597346f8,0x7ffa59734708,0x7ffa59734718
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4516302974101536229,8532340206196052243,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4516302974101536229,8532340206196052243,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4516302974101536229,8532340206196052243,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4516302974101536229,8532340206196052243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4516302974101536229,8532340206196052243,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4516302974101536229,8532340206196052243,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c43bd898685c1a9f9ae92473785c92c6

SHA1
660dd217cf318e93b20e0997a989ef574ea1cf83

SHA256
4d5f46fa3c2d8162840a0412e16cac13782600d988431cdff26913b81313482b

SHA512
64ceccc414280184e8e947a38f9d0d541b5e5fe45692e8dad35eeb4ce0732793e2b8facb9af6c0b07673e4d9f1aa7916f58bdbf864654fa5f0298b67dab6e9e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d8e9adf6d9d7ff0d5b0db5f1bec824a8

SHA1
82cb34ea3666a34e9734db3da7057a5cff73a8af

SHA256
53b185aefc621b5deace07408708a5fc5ff63fa5c95b4108c0c74ded70faaaeb

SHA512
4f30563ad7779e306d75473f95691dc65cf51a90dd16e9f4dec2ed42b20444dd4de9180883fe8727a56a0cecff4dd41f4ea37f55173904a79f6a7ee83d8a8691

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3815fe3197e90bafe20e6a459e02afa7

SHA1
2be7ab10fee44b93bbda1a77790ffe12e47d31fd

SHA256
b2ae695a52bf573e75465fdc9c42f73674cd71f2a0fd78d38025f8c604c5751d

SHA512
b7b1648c7a9824184666975447082cbe34ad46175f815555ae09c9b12f85fbb36cc5b2fad7eb23c631956ff75479ab43697b0ddb8e9c46c05a3dd93f7346618b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9b07163c2697a336d2da424af6ffbe44

SHA1
a6429ef83411ad153542cb9a4e5c4b4a802fdf5f

SHA256
295015d3b38bcf29b4c8c8dbf1aa8caba7f7bfce4e7db1976e294f92ef1a26e4

SHA512
523d8bd235666d0d63e66423e5595b43e319b09712855646db29727443b5bfb2302eeca609969f1371f68b2c44e2b56428b283256a00a255463dfb7e1b3cfb9b

Download Submit