57d465dc902f2902ce870616cd8c2883083f2e1bcae16e10ecc82f2bff7b9956

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 05:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

861954ef330b00195333820e9705d022_JaffaCakes118.html
Size

19KB
MD5

861954ef330b00195333820e9705d022
SHA1

c058f14afe032e0aa3b9a24f9088ce51e099d849
SHA256

57d465dc902f2902ce870616cd8c2883083f2e1bcae16e10ecc82f2bff7b9956
SHA512

16db3165f68e2927e247101c4b94b3e9522f6a85ac236032824303e06d16b324de7ed9892bf878392b155ff628680bcfe682011550af1de5555a29acc88c503d
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAII4QzUnjBhga82qDB8:SIMd0I5nO9HVsvgZxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3236	msedge.exe
3236	msedge.exe
3948	msedge.exe
3948	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe
1468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe
3948	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3948 wrote to memory of 3408	3948	msedge.exe	83
PID 3948 wrote to memory of 3408	3948	msedge.exe	83
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 2136	3948	msedge.exe	84
PID 3948 wrote to memory of 3236	3948	msedge.exe	85
PID 3948 wrote to memory of 3236	3948	msedge.exe	85
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86
PID 3948 wrote to memory of 532	3948	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\861954ef330b00195333820e9705d022_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadd346f8,0x7fffadd34708,0x7fffadd34718
  2⤵
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6346691003175774095,1542232002167034932,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,6346691003175774095,1542232002167034932,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,6346691003175774095,1542232002167034932,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6346691003175774095,1542232002167034932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,6346691003175774095,1542232002167034932,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,6346691003175774095,1542232002167034932,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e93a86459bec83ae713b5dc3364ca5fd

SHA1
05f6664c3b8f9c71960f649ef1f171b6cc5b4847

SHA256
6ec6ae1ba88b7ec215d6a1be21ffa163789a9335c374d9d3d84f79e81cd26e4a

SHA512
2a5e6c5b26f1820aa0c0ce01c0e9319782ea6354ba5de0c55e637214e17f1efc6c7912862568d44017b45aade8d20ebd2f6ea3941afa272c4c95dea350e42d1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
780dfa31b6eaa263adb2d727a8db9419

SHA1
dce43c5997441ab57fd00abcbf372a8f0230d8b1

SHA256
0fc7f04e21585d176bf0188d511e9e8448f680402a0979d12d3e77214073dd5e

SHA512
9fd131f73bcd355a1a4e08bc237c52c0647cd3e67b9fcfa4048842cb4bb90cb874745e1b3b58f28ece494f4c32770b0fcf1b5cbb41970183de8fe1ac91d0a3fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
35f53b324b3dbc0e13c31f05e79736b6

SHA1
2b126ee2792e2cb8b223f2d3d8a1bda57ad8a71d

SHA256
c69ae5fc2ac7930dfbf517903425130db751d43e2b90126100414ea82b572bd6

SHA512
248e1ff50396545cc92aa22562dd21797ebb0c57c7327e0f6325c07f4c782e08534c1244e38a65d24a7f5c861616169a70692bcdd79403f03c772f37dc25c724

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a3861d8261d047e160aac1c9818cec85

SHA1
1cd7e722fe6193988f18614364916fe3190a1fd3

SHA256
45444b21654654603a60445bee6651644a7db16f52c75d86466cc8ac69856e8b

SHA512
5215ecdf59843f68633ef3702099c6ea2d6787d8e5abd294557d26c54bb0c4270016ed21335c0579888591f7db54e60b139ff2aa221cce8469775dbc0884cc4d

Download Submit