e96c27cd077bca6a4d24715bae730a4c188770b403a4221b2e85a184bbd8bcb6

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 06:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86410dd0e8455a2fdd6d61821026f2f4_JaffaCakes118.html
Size

196KB
MD5

86410dd0e8455a2fdd6d61821026f2f4
SHA1

8a2a9512581bb3573a1636424ae9d8e1c501ce5a
SHA256

e96c27cd077bca6a4d24715bae730a4c188770b403a4221b2e85a184bbd8bcb6
SHA512

f55f219dfc011fb5e416b525f895a70214c99f2d35d29b1ee01234f2d5d6b282717908a01f8c4b6783129f25ea0c89dac76e1f528d08f7dc27c4bf36d85bbb69
SSDEEP

3072:lBwJx6QlPyfkMY+BES09JXAnyrZalI+YQ:rwrNlasMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1896	msedge.exe
1896	msedge.exe
1420	msedge.exe
1420	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe
4860	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe
1420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 1576	1420	msedge.exe	83
PID 1420 wrote to memory of 1576	1420	msedge.exe	83
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1512	1420	msedge.exe	84
PID 1420 wrote to memory of 1896	1420	msedge.exe	85
PID 1420 wrote to memory of 1896	1420	msedge.exe	85
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86
PID 1420 wrote to memory of 2636	1420	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\86410dd0e8455a2fdd6d61821026f2f4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12ef46f8,0x7fff12ef4708,0x7fff12ef4718
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14839929101679059981,1086255673491764361,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,14839929101679059981,1086255673491764361,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,14839929101679059981,1086255673491764361,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
  2⤵
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14839929101679059981,1086255673491764361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,14839929101679059981,1086255673491764361,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,14839929101679059981,1086255673491764361,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2356

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
266B

MD5
89b056240af807a1278d46f325dc5f62

SHA1
1e66dd4c9e030c5d2c23047a085822a372f17887

SHA256
f5f9f29fbb067a58ba60bebb0f36a61c535a234e45ff52f47f192d2836bac9f7

SHA512
109696dba2069f9b711948a93ebb6be8ee851336b14512c613196ca495158e8e53c3ad9bbc07aed6ea037b432f1101492a0e3c761d658f78e6e04d87b2715044

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39762dcacf6ee06a42764c597c6b3251

SHA1
0713b4dc591be828a1c2cf08cec7c804c1a15391

SHA256
fbc6f0ca9c46f65875ef911e1ce1fc50b6f4e8a35c225416d160982e7f3798b4

SHA512
186332f9acf1f346364a6e4db1ba47184be5e159dacc1f99957b507bbb73f927cf8e88547cca9ec5c32bd06c3ce55b329fe561bfc6c010d82f8a81163ba0badc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
93575adee53e99f75160634aaf53ac3e

SHA1
4657c62cfdca98f4bbc2d19e20fb5cfe73019cd6

SHA256
7e1d53cc55071b6e23effdb005ee5c8d9488da2ec5bb6fb7b3f4cb3c25ec521d

SHA512
0e3366cfcbcf9040cc558b5da56615925a18ebfe2d921fde38678f9202dd592395905414df657a268b90dad335c4519e9ce25d2496d8071c16aaf7499b7b479f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c8b7f8a7a267321b9143575092d53389

SHA1
f2a6e51aea717eb6c8df8f32580e054c97de4fe1

SHA256
a570e5ed5a033392670275fd6b7c5b66d8fea782af8c1c7e4fa50bf6167430ab

SHA512
76191bbd634a6cce74a0e7227746e58f8db50c81fc10fa145938de0a96c8b631a03e9a3a3026ef6556e14bc82cd7f8de2e1683d789ec6161c180009b6efdec7e

Download Submit