9d9de26ac7355c27c883d7f205c795ffd47c72c235f3e81a73dfe7a51b8d6260

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 19:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

881e41e80d376bd89f1f212b5b4844c0_JaffaCakes118.html
Size

18KB
MD5

881e41e80d376bd89f1f212b5b4844c0
SHA1

a8ac27493cc1c69d5ec1e7421b13e0418d60152f
SHA256

9d9de26ac7355c27c883d7f205c795ffd47c72c235f3e81a73dfe7a51b8d6260
SHA512

d0448756ff410c4fc1d0ef27388d239ffd344f2eaac94772765d0a1aee531c8c82c4f67a451617a7c810613eb5456962f0e23d96e62cd0d62182036790daaa4e
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAeP54DzUnjBhN382qDB8:SIMd0I5nvHEesvNMxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
532	msedge.exe
532	msedge.exe
4016	msedge.exe
4016	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe
4016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4016 wrote to memory of 4828	4016	msedge.exe	83
PID 4016 wrote to memory of 4828	4016	msedge.exe	83
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 744	4016	msedge.exe	84
PID 4016 wrote to memory of 532	4016	msedge.exe	85
PID 4016 wrote to memory of 532	4016	msedge.exe	85
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86
PID 4016 wrote to memory of 1076	4016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\881e41e80d376bd89f1f212b5b4844c0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffadd346f8,0x7fffadd34708,0x7fffadd34718
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10391645693644659299,15845286885348330287,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,10391645693644659299,15845286885348330287,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,10391645693644659299,15845286885348330287,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10391645693644659299,15845286885348330287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,10391645693644659299,15845286885348330287,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,10391645693644659299,15845286885348330287,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cfe177f0a03866de4465cc35f48bef85

SHA1
87422237911f13de1e0c9b65742f69d6e8addad2

SHA256
abf0643939965719ae09877f270da033fb4d22c3b722634ac00e8e088601e155

SHA512
dfbc25c4e805492800c27916d8b206b6c7b0eb2f44dbe84682e846607b3451bdc9564f89b42cd5b2556ab2ce11433b64dbe0e3572bd0260f1c817d6b168859f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8b33cef4737fa9baa5b5e4e0fbef514f

SHA1
7b52c5277055ece3ea568a5158cc6a4dcaa8deb8

SHA256
78676e648ff29f3e226377f79df7daf81d57687716fde6716ddbe469d63cf1d0

SHA512
59583ad62c03c10d4facc18e2bee79314eec22e87b3760fd5ced9b2be5cc2d6679fb013c96aaa2997754692048894545f120fc59c069540aeae4dc68b5276f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
932031377e13536fed31ac67a28dc0e9

SHA1
d7f471e6e7c792576c12935bac46b4f2af186478

SHA256
720a19fbd9dca9fe77f56ab0d280323ad42c9e5a44b9e09cd453b5d4af7d5b37

SHA512
90399f7c53e95cf7fe469f3e5e7058e3732b8271e9db1d3507f80ae9c4e16800ce7ef182bcb23348afe5a1458b6a4394e685815c812c877860bb137417f166af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b273e37edc651228d2c0ee0fb041b862

SHA1
2f7abe9a683752b8ef56255f92adae2bd3bd80c0

SHA256
7d84818a68221bd2e15f55fd01230d01abfe175995b53877263d6ba09ae1bf5b

SHA512
39a5eb326d11d3397a8afb2399d282c3660b6135c4783218976454d2ee45f7404e91a253a36794700f9ec3e06d0b467aa35a90b970d709199cfebd184bcd0c6b

Download Submit