4bf46c64aa62fcef887f6dc120c21bb83cb318726a2a1f67a7c5c84080cd0e72

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

820ec1600fe0c7d2e7a705037fd92f63_JaffaCakes118.html
Size

26KB
MD5

820ec1600fe0c7d2e7a705037fd92f63
SHA1

94e13bf66b20df919dfbd63c898af8e2c9d4cbc1
SHA256

4bf46c64aa62fcef887f6dc120c21bb83cb318726a2a1f67a7c5c84080cd0e72
SHA512

987ad0403ce9bbf84c06aafb8d57a303c03a0278d06084c16dbfbaf37a5667ddde979dbe611ccc8f14cc4cb22310b8c6f6a79b0a181330bab58d292a0c7a7762
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIl4NzUnjBh3J82qDB8:SIMd0I5nvH1sv3ixDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2172	msedge.exe
2172	msedge.exe
3228	msedge.exe
3228	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe
920	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe
3228	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3228 wrote to memory of 5064	3228	msedge.exe	83
PID 3228 wrote to memory of 5064	3228	msedge.exe	83
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 1468	3228	msedge.exe	84
PID 3228 wrote to memory of 2172	3228	msedge.exe	85
PID 3228 wrote to memory of 2172	3228	msedge.exe	85
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86
PID 3228 wrote to memory of 2988	3228	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\820ec1600fe0c7d2e7a705037fd92f63_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe931046f8,0x7ffe93104708,0x7ffe93104718
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7555427387754990111,8599063742676576950,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,7555427387754990111,8599063742676576950,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,7555427387754990111,8599063742676576950,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7555427387754990111,8599063742676576950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,7555427387754990111,8599063742676576950,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,7555427387754990111,8599063742676576950,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c52a071a328e9a311fa3613b116ca844

SHA1
c5bd07a88d40bdcde4309a237f6356cb8ffdae74

SHA256
4f7721e22343e28c21ae76c154e2d05a0719dafb3efe0c7a7ef09b192d98ee9d

SHA512
c0470c85341bfc04b5e23e2b110a77107f3b950bf4bfb770cdcbdab90ea6efd3d81560cfbacccd9564ffef527dd4b8330193534f3c0fabf8203deffc3a9f3511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
edca68f52507a2ff5cc450adeaeb1f25

SHA1
ef6c36e110e7babdc363a69c6e248631106cb0e1

SHA256
9b527d0ec6490159b1dd5bced15c041b85b103071da4d893cc64db73cc434c72

SHA512
50efcb0d53a48305afec24452c447f34a918ea0d0183184c1726d1eef91514da55a6ef407dad48a10dc1a872b4a205d6584e1e39638821dedd4f3f9f0148ca6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
951f55b0ac450499d90566f84ff784de

SHA1
ee101b387e52a1feb6a603054525a901ec9eb06c

SHA256
8b601dd2c954ef8604b14ebb0c2249784fcfe0ed0bba9bc849d52a5b888aa07b

SHA512
35a371373f128a3806107701fcf4eaae6eb5e9bba2f1dcf1bc82f85862885f3916ed8a97d3a9237659afbd1208b7ac46ac632de0dca8ee3de8f340910027db4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04bb01056a06c904748fa72180cf485e

SHA1
a9401fba526afc913f1a82b3738fb2c51dd088df

SHA256
55111283980578cf6d0d3b5c2520497bcb1d18fa3360243170311dea0fefb6fc

SHA512
dd3a875527de44c4f5052e63e736e5c793ccaf398d4da9b7330b961f3550f861114f1c5d5f3f2094ef58f051c3baf06917885e806b4badf47cead8a20dc3ca65

Download Submit