ab3fe9a4309a80bf055a942d8e5f6a2b4d9893edbaa9682e1e419eb82b516597

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 15:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

f840beeb622b6c59bbdbd1ec54e98fde_JaffaCakes118.html
Size

243KB
MD5

f840beeb622b6c59bbdbd1ec54e98fde
SHA1

748ed3d24295671ec55b8b59d8ab2e7b49c521dc
SHA256

ab3fe9a4309a80bf055a942d8e5f6a2b4d9893edbaa9682e1e419eb82b516597
SHA512

1a4f0844a209f79f6a6afa19840666c720c351d6610e28f7612d12ff818f9fccf12d38fada66ee30a6fc2cfdd192fa42b98ca2c8f6d780cc6b7691285bb0bea3
SSDEEP

3072:SmkCyfkMY+BES09JXAnyrZalI+YuyfkMY+BES09JXAnyrZalI+YQ:SmkHsMYod+X3oI+YLsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1324	msedge.exe
1324	msedge.exe
4676	msedge.exe
4676	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe
2356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 5792	4676	msedge.exe	83
PID 4676 wrote to memory of 5792	4676	msedge.exe	83
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 2788	4676	msedge.exe	84
PID 4676 wrote to memory of 1324	4676	msedge.exe	85
PID 4676 wrote to memory of 1324	4676	msedge.exe	85
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86
PID 4676 wrote to memory of 1908	4676	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f840beeb622b6c59bbdbd1ec54e98fde_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9eddb46f8,0x7ff9eddb4708,0x7ff9eddb4718
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10327999885888879932,2822420873703906866,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,10327999885888879932,2822420873703906866,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,10327999885888879932,2822420873703906866,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10327999885888879932,2822420873703906866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,10327999885888879932,2822420873703906866,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,10327999885888879932,2822420873703906866,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7b56675b54840d86d49bde5a1ff8af6a

SHA1
fe70a1b85f88d60f3ba9fc7bb5f81fc41e150811

SHA256
86af7213f410df65d0937f4331f783160f30eaeb088e28a9eef461713b9a3929

SHA512
11fc61b83365391efee8084de5c2af7e064f0182b943a0db08d95a0f450d3877bde5b5e6a6b9f008e58b709bb1a34f7b50085c41927f091df1eea78f039402e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
48cff1baabb24706967de3b0d6869906

SHA1
b0cd54f587cd4c88e60556347930cb76991e6734

SHA256
f6b5fbc610a71b3914753feb2bd4475a7c77d0d785cc36255bf93b3fe3ccb775

SHA512
fd0c848f3f9de81aca81af999262f96ea4c1cd1d1f32d304f56c7382f3b1bb604e5fbe9f209ad6e4b38988d92357ef82e9668806d0727f2856c7dc1f07aae2b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14ee209247a430e38be0c37a59678f11

SHA1
777036241186c6aeb0554b4ca13538f810d74447

SHA256
2f2ad041dbcb9c31004bae95098c728e2eaec33d8b567a6b687dfaef3b98eb61

SHA512
8a76c9ef5e47064845bc8fe833d20832476c08662fc25b0127a07f59b54700a48dec978dcb0fd52daadbba662aed9a4fac7c821bb20790712635ec09a30b2c17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
774bdae1f68ff30a39709a4910b7eb98

SHA1
5d56d7d99b8f333d7a22f2728ff72eb48fffd8b3

SHA256
e35b9b9b462a3891f944b9ac766c21d5d80d2fb2fbec458617a44a5dffdefb83

SHA512
151730d4b74d5d5a0d5e59269dc23612ee960f4b5449bbfb7920ff778a28cce68193572fe287be841b057f5a12e86120a4574e84df372d1cd449ffb5e20f17da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9588481e44c7e4b68dc41dfced78f58c

SHA1
5527cfdd73858ab3618f676a70ec39356bc18c6e

SHA256
a614bd79ef46529944a23f6b80ca7ea7dbf8ac418cf45575ad7809a86af4af22

SHA512
7b0788ebc04990cbb332094f83707938580b7569c2a1d3b3fb41d6eb0f889525dec1eb66e57c6bc8b76c6b375c77b9b6c41e0f0a6e60d77f4328bc0c51f7fb11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5b92d3d83f1572fd4b7b0cad6e8b8bad

SHA1
df095ee72bd1f304ad91ffc69fd1f1777f9e2f80

SHA256
81e732c35b1d54f146a389e68285219f4aae00f9a4b8813e9c6891990b9177ec

SHA512
eaf8c3d1ba68e59613a76ef499350948dc7d0b45481ed1498adb98e5c3d87ac31300681197306470b9184f1a4107e7e6251fe27f3fc7d1ea865c3b7603a4473c

Download Submit