7699e5fd5bd275b55532abcaf175bc3bee4ff0b22d08548459aa74453214ba53

Analysis

max time kernel
149s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cf58f3106b247a65e71379ba978751a_JaffaCakes118.html
Size

19KB
MD5

8cf58f3106b247a65e71379ba978751a
SHA1

a1671fea5f1624213adefe695d31ab1e7a549e82
SHA256

7699e5fd5bd275b55532abcaf175bc3bee4ff0b22d08548459aa74453214ba53
SHA512

1f1624ff9287bafc56f63388a34dc5c8298fdb7c1aeaf29b9cf5d2e99d0268b68984af24d3a033b98ef378bbf6ccbf223e5b918e59fd51ea4846b5af803388e0
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIL4ZzUnjBhbN82qDB8:SIMd0I5nvHFsvb2xDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4416	msedge.exe
4416	msedge.exe
3872	msedge.exe
3872	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe
3872	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3872 wrote to memory of 4480	3872	msedge.exe	81
PID 3872 wrote to memory of 4480	3872	msedge.exe	81
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 2608	3872	msedge.exe	82
PID 3872 wrote to memory of 4416	3872	msedge.exe	83
PID 3872 wrote to memory of 4416	3872	msedge.exe	83
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84
PID 3872 wrote to memory of 5048	3872	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cf58f3106b247a65e71379ba978751a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb93be46f8,0x7ffb93be4708,0x7ffb93be4718
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2338149340801559218,1968040826400046936,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2338149340801559218,1968040826400046936,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2432 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2338149340801559218,1968040826400046936,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2338149340801559218,1968040826400046936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2338149340801559218,1968040826400046936,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2338149340801559218,1968040826400046936,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3688

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e9ea7549945a17a7dd294c9caed8dde5

SHA1
17469c54f17471d4eab922653cad5d2320827770

SHA256
fee315526e85c9471d13d1cb3f2baee1bd3bba16c541d879dffdc1b7565e9f11

SHA512
367ec027b452e19ccdb1d526df79a2baab5d4d0dded7a92f95875459ede2f257b00508a36dba2b1f4845b8d53fbf58cc9c8805fa07c94d76ab76db36af0732ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0a3ccd97e567b9a6419cbb4d4d70e039

SHA1
7426f4405d4c50a2b178537d3516205134696da5

SHA256
2b1a740491f8dcb8a8fa2f6f97ed85c22e624c03815b35db51d0dd2cbaa3f50b

SHA512
6f83fd915ad9e7eeccba4514064666b7855d9eb90d0385fa93aa8637628c7f0f0ecae9d1061e074aab0fe85783ee1ba69115649fec3607c9754bf41a85477835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
31fd9621069529fcb87639d501f3b0e2

SHA1
f3a2c685cbe5cb5a1bd4e14ef915d309e6d3046f

SHA256
3f1f73bed94e61d218144a2eeaf8a4875f8950003534d211b3b0074ea2468eb3

SHA512
7d47cf53f1bb24c83db4a2c1feaf25b749608e63b1fc9a95d54fa4244bea7cddb5ed8bbc09f35b72bed956d680a662d1c97bd8247df2ba2bf0f2855f44e03776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
967ee70b89f8ec2daf55573a95de6018

SHA1
85f268613733e8a1eac01e6557cf88a18299561c

SHA256
38a6ff4e5adbf63ec2e661fd68b31705028702bcbf56da6a6daf0ec3d467be3b

SHA512
ebd344851a07e3696848d28e6d26eb2883b0e4af0f03c505e549f7dd2444d4281dba0f7ca904d9d218a359b2dcc2bc8dc77b80ee59e05cda49820a0aa4101d39

Download Submit