1b82cdc04a2c0fb855b4fddccd80246d53c2364f90403723ed37cafe1db8355c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 20:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

21b31515b118a649660725ae6f8dc923_JaffaCakes118.html
Size

141KB
MD5

21b31515b118a649660725ae6f8dc923
SHA1

eddd2727c9ac0a6b0646910a9d6edaca87a74814
SHA256

1b82cdc04a2c0fb855b4fddccd80246d53c2364f90403723ed37cafe1db8355c
SHA512

2fc9c016a3e9e7861da60c43e1389f635ab4d7764985d09a0808679babdb195113a813416ef5f561b2c323a54c241002f5e2fda95a40fb4a218e9ac91ab89692
SSDEEP

3072:SKFzkzTx7dyfkMY+BES09JXAnyrZalI+YQ:SKFziTx7osMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1760	msedge.exe
1760	msedge.exe
4516	msedge.exe
4516	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe
3252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe
4516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4516 wrote to memory of 4924	4516	msedge.exe	85
PID 4516 wrote to memory of 4924	4516	msedge.exe	85
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1644	4516	msedge.exe	86
PID 4516 wrote to memory of 1760	4516	msedge.exe	87
PID 4516 wrote to memory of 1760	4516	msedge.exe	87
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88
PID 4516 wrote to memory of 2268	4516	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\21b31515b118a649660725ae6f8dc923_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffaf48d46f8,0x7ffaf48d4708,0x7ffaf48d4718
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1621531356835395151,15017538366645395284,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,1621531356835395151,15017538366645395284,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,1621531356835395151,15017538366645395284,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1621531356835395151,15017538366645395284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,1621531356835395151,15017538366645395284,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,1621531356835395151,15017538366645395284,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2d2349251b9cdb9a107a3c730ab54dd2

SHA1
c145473b3596eb7a6219159d0b57a23ec37a159e

SHA256
d6c2665915f741e31c584bcf644511a797238717f4137083a4da0f4a7801f11c

SHA512
2d1103a33abddd148bd10b5ba0857524b68f2980ca75b665eb60068ae9c09e1363dc3226017d5f22db5dbe7fa9d729d65a0853ef03b4e861acddcb4ef56ffdbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b5a227a36395935297249d5cda79738f

SHA1
3e3af76f8a78c2102f4539592a9f3c89170db37c

SHA256
1a20b153a3fb48a2d2a6a754aaa6abe7666c3c6965f95fad3d743cd3b7b062ae

SHA512
ff212d225163ad244fb4ff55f605d6d853f7d8e1eb9cbaeccd99a98f51105bcc45c48fb8933ce10fff75e6fe85c5ee815e7ad8076bd26a0fa3067c6be4187978

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f36e9bef677cbeb0ac73fdde0bccf518

SHA1
63cf568b8e71b748b924851e38a5f0aa678273e1

SHA256
5ae9bf17aa07773d05e87c2a431521b41b467253b35b6c2e78e72e0ac8bbdd04

SHA512
56e927b39307860c8280dd04a6528d19ad489df862ab84b9f8b20d8a25a698b6e3767e7b1df532e4b8be4cd432747c3712cbf7a6b2a838e156516d7d3111bbbf

Download Submit