5cc74deea36dea1c097577ed268b2e7681c47af6cfd1487045ca072bdde724d1

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12-06-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a10cd8b794a4db4b800e9b369a800800_JaffaCakes118.html
Size

214KB
MD5

a10cd8b794a4db4b800e9b369a800800
SHA1

3467b33226125db269fb66edb83ba3c3d1eab0c5
SHA256

5cc74deea36dea1c097577ed268b2e7681c47af6cfd1487045ca072bdde724d1
SHA512

857548c9ee91851cba9d0c4d8c17fc5d23a336f0d3263d65768d48ef8ffe7824edfeebefa372a2bdd20d5008b0825301e02735119b85f7fe1c51492488b711d9
SSDEEP

3072:JrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJC:tz9VxLY7iAVLTBQJlC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1364	msedge.exe
1364	msedge.exe
1704	msedge.exe
1704	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe
1704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1704 wrote to memory of 756	1704	msedge.exe	82
PID 1704 wrote to memory of 756	1704	msedge.exe	82
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 4236	1704	msedge.exe	83
PID 1704 wrote to memory of 1364	1704	msedge.exe	84
PID 1704 wrote to memory of 1364	1704	msedge.exe	84
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85
PID 1704 wrote to memory of 2600	1704	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a10cd8b794a4db4b800e9b369a800800_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8554b46f8,0x7ff8554b4708,0x7ff8554b4718
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16480476785702969634,16295530560085298279,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,16480476785702969634,16295530560085298279,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,16480476785702969634,16295530560085298279,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16480476785702969634,16295530560085298279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,16480476785702969634,16295530560085298279,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,16480476785702969634,16295530560085298279,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95d4977b2022ea39db82cddf0f58673d

SHA1
6ce4bc63731ef506de8cc7d958c9fb0c60792c63

SHA256
94e8677cd71aa704e5dc955e1ed6762132d44b20ef9a7c588523236b59cb748b

SHA512
34b651ee4556d0e962dd991323578ab50220a77b1b88384fa43054b21ac10428240494410c660f67cc0daf5e74efed1ad95957eba200bf2ae4717a3c3400d0a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c4d8856569440f010f03ed3c3cc03a3

SHA1
74f324835929247e94f2fe39b889b452d16e4fea

SHA256
f7ec599becc9cea711a926cc809be0105d87dbf07334f90892ea720ecb968d51

SHA512
fccfcefc58ff7569b0d3d24c93d685abd7e43121c41372ce0849741da0a46b09d58f0f5c06fd88a5b6cd1da9eda808a5be7ecc1e42e16f8790f93201a48ebd31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a883dcf6a1dca80ddc56f39fdc107e08

SHA1
7ba0508adae83bd87f92905503410370ec8f97a8

SHA256
9e692ffeaa9e8af8558ebd78ae9ef7950e656b88c3d66ce61f6a0d4ba267fddc

SHA512
b5c33b9d4ff4dd4f82be5403c387f420c0c65a800abcbfb55ae61abc45ae356393b936e1c21e9424357eb4755cc20623cf6ff007cad07a72c0fc922e14edd0fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e16bf0103dfe89ab1f9f02e660a7c5cc

SHA1
222b698ef0fbcfc315294c2b7b9c122d1ebaafbe

SHA256
71b9c38b65edb00a835b0d24da01d0da84a384d7ff184fb7d7cc436a853a67f0

SHA512
80044a600e9391ffbc9099f97d1fbf21fa588c264a52811d38f41798ddd800ebe22abfb2c19c3adb099431d09ad783081729bb812b828a0ced3df2c77502a149

Download Submit