ce9bd1d96f2aa9c0a80417a3cb4cc0e7efc2dfc942e6b331fad0d7f58097101a

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

88f8aa2511cacd1fcb8cadfbaaf5cf9b_JaffaCakes118.html
Size

19KB
MD5

88f8aa2511cacd1fcb8cadfbaaf5cf9b
SHA1

45010ac88d0b01a84cd0fbdb64ef823f5edf68a2
SHA256

ce9bd1d96f2aa9c0a80417a3cb4cc0e7efc2dfc942e6b331fad0d7f58097101a
SHA512

312de54fabdbe758a55ea6d6a04fcfbd4b828bbb26b0840fd562ce23a10bf662066b17a2ded20170cddf034f1298fff70c0fb64246eaacc13d807a73a505a567
SSDEEP

384:SIMd0I5nvHtCWS+uwwIQmDWJ+sv7CDfxDB8:SEgXA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1600	msedge.exe
1600	msedge.exe
4508	msedge.exe
4508	msedge.exe
5756	msedge.exe
5756	msedge.exe
5756	msedge.exe
5756	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe
4508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4508 wrote to memory of 4148	4508	msedge.exe	82
PID 4508 wrote to memory of 4148	4508	msedge.exe	82
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1296	4508	msedge.exe	83
PID 4508 wrote to memory of 1600	4508	msedge.exe	84
PID 4508 wrote to memory of 1600	4508	msedge.exe	84
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85
PID 4508 wrote to memory of 4632	4508	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\88f8aa2511cacd1fcb8cadfbaaf5cf9b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8d51846f8,0x7ff8d5184708,0x7ff8d5184718
  2⤵
  PID:4148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1539837993447121039,6619462307632075210,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,1539837993447121039,6619462307632075210,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,1539837993447121039,6619462307632075210,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1539837993447121039,6619462307632075210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,1539837993447121039,6619462307632075210,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,1539837993447121039,6619462307632075210,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1848 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
05f6e97318a89f223dd214807de20e53

SHA1
fad9769ba5415b106c0607a6f847568eeae449fe

SHA256
27872e3a2b7002d6748772ba12316525b8d6604c0a4d8a1c20a1fa47e0066fd4

SHA512
4d931b288e05a5ba2468d00083f5da9b08b2e9c79f58023e62b23b87810307dab5bf4fe6ac19d7ffa1b3490cde206c6d651e1f0c68c948e7da89dc97a12cc0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2f1dfe9c58b0f680bce7e0100e8e00cf

SHA1
8b9b03bf3e4e08e921feb767dd829d23b11ff0ee

SHA256
bfdcbaa4a336603c20a36de93a1ad157bee663ad842483cf5da35e2248929f43

SHA512
1ccc57c0d4f6d5a939c3006c7ae019a73e95f723581edfa03b6eec60b541330c10efba82af7b19d29f0ce5ebca4975d67290f7e21c980eacd83591b9b0e77bdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fc649b1edefd11eeebe44d2a7c16ff01

SHA1
301c58c323baf1beb2d9ef192fb01524d07e88b1

SHA256
88191331941386f5461be03dc85117fc31d440e7fe8413d14d2ed140e474012c

SHA512
a91154e5e9f5c24402281027368c060e97315b0e687745fc2c89e7d9ff7203cbfa134cecdca98d2508f8fa34b7b47d3111b696b5a6581ef4e7056e2c749d59e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b90a5d6259e162bfaffaa1b5877911a

SHA1
c03be1c396dd718a7e2311ae200725842e8cc4c4

SHA256
79eea585551f2c3be98c28513804e3806fa4347ff1ef407800b86f6648e83151

SHA512
21bbe56d9c8421fa17d3021974fc42307d146195cf659c3ecf5b2a85a4040988a70f50cf01bdf4efd6ff2ce43ddb34e30da4338afe5ebbd91e3f6044198a972f

Download Submit