c0eac7e72926ed97da5cacc0a53a8a5345cd53f38d16f4681cf87bf66f79a00c

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-05-2024 06:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

833e126a3a1a6a11368bdbb37935c1ed_JaffaCakes118.html
Size

74KB
MD5

833e126a3a1a6a11368bdbb37935c1ed
SHA1

3c9b667f0302f2136a5f47d1f099b9b5ec8d1c5c
SHA256

c0eac7e72926ed97da5cacc0a53a8a5345cd53f38d16f4681cf87bf66f79a00c
SHA512

9b69ef408b5c2a280801a48a5dd570da7eee971b72ea29a0ce47872a100c777bc2332a4a23ffe120e0e0caf5242bd3bb1f85e248fd0d62f5c0b2af5115ff346f
SSDEEP

1536:A3+3038frZWz3lVLXk5IvnMz4nN31pEMf00Ht+zB5gf1D9YTsuV+QAaIxZToCKA8:NrAlVLXk1E1v1Q8SHMLCqJM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1052	msedge.exe
1052	msedge.exe
3144	msedge.exe
3144	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe
1232	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe
3144	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 644	3144	msedge.exe	83
PID 3144 wrote to memory of 644	3144	msedge.exe	83
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 2912	3144	msedge.exe	84
PID 3144 wrote to memory of 1052	3144	msedge.exe	85
PID 3144 wrote to memory of 1052	3144	msedge.exe	85
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86
PID 3144 wrote to memory of 4424	3144	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\833e126a3a1a6a11368bdbb37935c1ed_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb0b9946f8,0x7ffb0b994708,0x7ffb0b994718
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:4424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2312 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9381371154771800409,15297290915315362058,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5016 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\692dda9a-b4d7-4aa6-b810-60e80a6da377.tmp

Filesize
1KB

MD5
132fdf12d76aca5cede930cf0e0ebfc9

SHA1
248d3613c59dd3cfb06ecb5c8e7aef337ca70524

SHA256
f0f2971946229b4db3112d9456ffc4adf216d32261b40f62ee57a4e16934a6e1

SHA512
6941134227c36a819615cfd6055a43ac23d410feaaf7f28e54b6a92109c5a88c48b5d6600d321cea6607ab25e8204cd9e0b586ac069af22472d2e4a76460a60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e04410afe90802b2e8ff1cffb262d526

SHA1
01c2988969a13bf8c3b61f2b1eb922dba2458e79

SHA256
ea97f5065556448b7d1e40b6a3ded4c6b26b3668808e828f11b71e654843bbea

SHA512
ac1958c2c4af290a6e2a7429cf76c895276b94b5684295777882f7bd1e142caf8974511bd7b1ba38e7240eaee02a06431903922a116a16af669d48d7b4804dd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8997addea8c25a9b03bbe39caa87d80b

SHA1
1d3701eb38f406d6faa63ce531ffbfa1b3cbe13b

SHA256
561f1ba34650fcdf3162592b9d6a476f62a201000b7745c62a43d7cb88604a0f

SHA512
db7eab25a49ec9466d744c637a9fe48bbe286d8362b6e12a410032477483606ec2a1cedc00e1b339f051907c779a59a0ab599c783d2d4f970cea245ef401c171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60fdeeb7ae57e606b31373ede7199910

SHA1
490364489ec59493d78f9e8bee9456448d0add90

SHA256
18f514c7220ea6e547461e5315cd0d6e81bb2ad3da3161e347fe4760e20a2d91

SHA512
726529729cf7286ee03d9b3e84b6f6ba6de2f070a7f0c14ba0a06aad7fe9d3e46553afa80eb22f278a41df24dd74813ee77d744743e14e538f1a3dc555d6ea63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
09813d180398f6ac6470541b5870cd89

SHA1
64d5f6ec44c66d92b010e7b30ea127af7d3c66e6

SHA256
ee0d5c2560c2fe84bce14738df0fc72cb3d875a5f65c6f7e1f35b9b64b1f0f98

SHA512
eb59281de691c9616a408a0519b96be51f6f4535d4067b2c229dbb3216770bfd3c7264cd4135319aad9c84b770e6342b6d47119c32d2a095858f4c9ec36420fc

Download Submit