530ace2785b640e253b8d6b597ea68a1cfc15108d4e0fa6966135d13dada7091

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 10:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

80649880fea6f2cc2d4d2b43e9f05e74_JaffaCakes118.html
Size

18KB
MD5

80649880fea6f2cc2d4d2b43e9f05e74
SHA1

34cf0e1a185909a9608d4e9356f150a3e47cc24a
SHA256

530ace2785b640e253b8d6b597ea68a1cfc15108d4e0fa6966135d13dada7091
SHA512

b5f5233512c1878dba2036e75d31e8050b958cf6123977f05ac6fdcbb991a3d8bf6db12f7e5594a4f1812efe5a7c9c3a1590f3f987a16857e7b719ea8c00a60d
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI24azUnjBhSE82qDB8:SIMd0I5nvH5svSHxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1928	msedge.exe
1928	msedge.exe
1724	msedge.exe
1724	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe
4660	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe
1724	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 224	1724	msedge.exe	83
PID 1724 wrote to memory of 224	1724	msedge.exe	83
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 2372	1724	msedge.exe	84
PID 1724 wrote to memory of 1928	1724	msedge.exe	85
PID 1724 wrote to memory of 1928	1724	msedge.exe	85
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86
PID 1724 wrote to memory of 4560	1724	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\80649880fea6f2cc2d4d2b43e9f05e74_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb611046f8,0x7ffb61104708,0x7ffb61104718
  2⤵
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7382560485658684269,17536078159416548923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,7382560485658684269,17536078159416548923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,7382560485658684269,17536078159416548923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7382560485658684269,17536078159416548923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,7382560485658684269,17536078159416548923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,7382560485658684269,17536078159416548923,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:60

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
09322cb8652d3289672152b2391c3440

SHA1
beffa20f4747dc2cd3be669dec9b3aef62289b37

SHA256
9804efa780b9fb2fc8026717d47c21db320fec4c2b04bd1475e171d2102d2256

SHA512
289e5c145f1a0551854b2ffe91004bdbb28c75e06825d447fb7444c7efb03e1ef9af129f7e841c25245c24a831a42ca94a094f28e201f9b51497571dba434d2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd241df8bbae9ca61ff10da6e507e94d

SHA1
5427174c3e9c5ede093b2f35571060326672b9f7

SHA256
ca450c4fca06db7e235a34386d7cb84b7841409bede2e8a2ed51204409ceebaf

SHA512
b4e3619434e264702c754ceae971002e1202241177a5e19777f3b9917d5d5319b9e6faf90d0589ec3be5ceeadebe44e643335f4827b4fd8ba6f09db28d73e96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1254fe2277d5e98afe1093aed3b14feb

SHA1
b0297fce16bfa3ad40894c2d95c6a42db4da6260

SHA256
0abea983dc83d17d69c234efa7b2143c1da8c112fc20aa2b49603ad12fa7326a

SHA512
4ad05333fd2ff3873a0dd2fa91f81ae4f833df0911be790feecba8e664dc0e8f692c59f6d9dab2c77629ab56ceb4d9282e7f8148fe253656229e6103b723039d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
990e8c62fb116e955e038f50851ba9c3

SHA1
cd25a5c9f65928276966be4321b27163402f9b22

SHA256
6f85b87d4e926344b3e342c158635ae4e4f34354e665f3c4d791811f44e7927b

SHA512
369db794c6b73a5cee4a75a7eec1621aeb18fb3c6ac8a2520b067fd7567a4173039bc74c65aaa690e54b9c76ddf6c00129451443652e42d3e747b0bf1ae2f584

Download Submit