b7b91ea992b20882a5cfd3e4a735b8b007878929626fdbb941b41d69fbe2e286

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 11:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

127d2abc444dade69157b50e83698aab_JaffaCakes118.html
Size

138KB
MD5

127d2abc444dade69157b50e83698aab
SHA1

1b9fd5e08a03e1a063009531b2d9a2d6786e47c9
SHA256

b7b91ea992b20882a5cfd3e4a735b8b007878929626fdbb941b41d69fbe2e286
SHA512

4c112008bbbb53935ceeca297cb4f2b612528a3aaf21ab4b8eae04f705efb464b80abff4b3d7d32cad246b226f1983ed50548c5a327adb4ab3ec95707fa0a419
SSDEEP

3072:SRzXBA1wOOzNByfkMY+BES09JXAnyrZalI+YQ:SRzXBA1MzysMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4092	msedge.exe
4092	msedge.exe
4164	msedge.exe
4164	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe
4668	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe
4164	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4164 wrote to memory of 2700	4164	msedge.exe	83
PID 4164 wrote to memory of 2700	4164	msedge.exe	83
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4924	4164	msedge.exe	84
PID 4164 wrote to memory of 4092	4164	msedge.exe	85
PID 4164 wrote to memory of 4092	4164	msedge.exe	85
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86
PID 4164 wrote to memory of 1844	4164	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\127d2abc444dade69157b50e83698aab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdba2546f8,0x7ffdba254708,0x7ffdba254718
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13919825666517923014,7325661408233753275,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13919825666517923014,7325661408233753275,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13919825666517923014,7325661408233753275,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2700 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13919825666517923014,7325661408233753275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13919825666517923014,7325661408233753275,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13919825666517923014,7325661408233753275,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ca3b319d812533401ecf0705f360aa48

SHA1
490534d4f232c769e1bc08693c0c140a58bbeeb2

SHA256
d813d9bed2747ae89ef81037872f6e4ab04db7333202ae60ac1b126c17f13fbf

SHA512
72b4b2491a1077cd7a4a3105d12d1d2108374546fa1dd9f7bcdfd670a00d2208829cf2c4c7f4c39a3c0066ca3c2d7035f3ba872a89d6cde4572b213f90e51363

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed40d4dcd633d891eb0f86677d8f40fd

SHA1
908f038e1c6b2a382ebba6ff3a7ff7bf6f297c4e

SHA256
dbbfd2c7624373584a769b77f076f8e9a3557de7139f5cc8f5e9df9128066766

SHA512
22295ed7679af553978cdfc48c0756dc720a58ddc2580e24bbe93f145323372d490b354cf3048a3dc3e0f265ac9048a623a9e0dc7bab183739ae5b6ec75b31d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ac9a0a3cc2a840ead45354127d2ad82

SHA1
7ed7dec2eef1996be323017d38c5426b88fa51ea

SHA256
3ea50a996bb0128211ca1a6f570ac98f175d5229abb8907fbfece30510dd76ba

SHA512
d425b85a21971c91fbbd07bb4ab5ee8fcc471192e98bf9ce05a51b25bfc9e28bb388e9633895389c175a6f4bc1d75e94c96faa6252b89426ffbb194949846d1a

Download Submit