d4b92627e1fb6ceda42bb586223213d67af3107272e4235f765cad9c2155206e

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

156332d97c7341b57cb6249537ee8f41_JaffaCakes118.html
Size

54KB
MD5

156332d97c7341b57cb6249537ee8f41
SHA1

9dbd236fab4a8ff816349c009114e4ac7e2f159f
SHA256

d4b92627e1fb6ceda42bb586223213d67af3107272e4235f765cad9c2155206e
SHA512

04ab55f34602d9afa0a3050251de0c63ad97c1c6a79d25aba3d02375693cd067df004ae74cbd262223de2cf7971f69ef831e4b7c389ed7705c6be0d51697dc29
SSDEEP

384:PUlIcOtT46TGTH+/ny0U80tv9MyTGSxjv0BhttuthkxXkfR1wRqvhltWrptYxkOl:/LDLMuinjglExLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
556	msedge.exe
556	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe
556	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 556 wrote to memory of 3568	556	msedge.exe	82
PID 556 wrote to memory of 3568	556	msedge.exe	82
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 528	556	msedge.exe	83
PID 556 wrote to memory of 4816	556	msedge.exe	84
PID 556 wrote to memory of 4816	556	msedge.exe	84
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85
PID 556 wrote to memory of 216	556	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\156332d97c7341b57cb6249537ee8f41_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f40f46f8,0x7ff8f40f4708,0x7ff8f40f4718
  2⤵
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1472 /prefetch:8
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,8004910688088894226,13935342292166155630,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
376b3797a229aa5ae324967dc56d886a

SHA1
df8ca14268def86073f99dfebe7f23cc18b1ede4

SHA256
a3f6d8590c09e5df135776fc94ee98b88b3960ec3c202952126690f297d181ae

SHA512
5596c77046df19e5673e13cd9316c76f57761f39351aefc6bb7902ae1006394294f0e6f9374d3831df9254b0b06cb18c8472abe679c03881ccaabe1c0a12441a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
57f336ce10ebfa75a404313f4e01b812

SHA1
831bcac4223ed301f90d237c0a70f68a6f889f01

SHA256
8c156c112ac3e1fe52a4342b8c33da1f0f3aa15f666f3efd0390b66ce23ac1d6

SHA512
a45dbbd16f49c6c9783dfa0a723f201fd3e4e22f6496aac312d675825e5347a77c71a10b66f70759107507df773aa8dee3fb13863b3be58fdd63b14c64409fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
438fe270ff71cfd242abb7061daf834d

SHA1
55aad95b1175e5146c63dd686aa7f68756c9d934

SHA256
ec988d5771f2a872b6f0b0c235efaca1881f4173ef7baffb2ef8438735dfbdb5

SHA512
ba9cbd68660fb3acee388f88d62945d978d5663b5b69ee3d26fcbc5e7acef8781fff6e0fe8f00345aab92a88e1f18d1e1fc816cf9b559079fb15743184bcea51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e30255dacda03a9ae474eb87119299dc

SHA1
179552edde69dbc57a27720e909e82e7e1f809c3

SHA256
b5e3761a90ca1c0c24c3120f82c2fefb9e3f94afa8c74f8c60a476024fe3c6d2

SHA512
7e310326d8329bb2c6ee253d65ad59622e16b0a726b80523814e67d7d3784ca3625c7c821985bf0f1de517ccfc073cae2811e29b953dbcf3b1506ab599ba7092

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
67b38304c0ecafec8d576b27fd65fd36

SHA1
09dfc7009623dfc925b5f0301a394b1d88ac1b1d

SHA256
becff4135b6f9ecf7178f9180fff5a522b131bf1b8ac2b82c268849fc985ba2c

SHA512
ec3d1f05a1d1d02e0b2370b4e856abb5682283bc4702b5abd445b6faa568156c92f63cdf3599b3c5a77eca07f68e67dc7aebe1f0714c7879fc6210d46e99a355

Download Submit