fd929d88a51e012014d84f45daa5e05cef8f9340d111ee6a7a81cf40ba5dd0d1

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

272ee3bd096f51c11afefc020efcd21b_JaffaCakes118.html
Size

164KB
MD5

272ee3bd096f51c11afefc020efcd21b
SHA1

57cfb3f19861ec8f96f00769c890572eac37a485
SHA256

fd929d88a51e012014d84f45daa5e05cef8f9340d111ee6a7a81cf40ba5dd0d1
SHA512

712324620269c9e536385d11aca50da45eacf83987de44083bd7df6d74cad2d5ee62ec5300a370e90eed301d55aa530b87935a2f13cdcfe995870e9c6ace1645
SSDEEP

3072:S7h6uL3gGNbtpyfkMY+BES09JXAnyrZalI+YQ:S78uL3gG1tMsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1660	msedge.exe
1660	msedge.exe
736	msedge.exe
736	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
736	msedge.exe
736	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 736 wrote to memory of 920	736	msedge.exe	82
PID 736 wrote to memory of 920	736	msedge.exe	82
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 4936	736	msedge.exe	83
PID 736 wrote to memory of 1660	736	msedge.exe	84
PID 736 wrote to memory of 1660	736	msedge.exe	84
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85
PID 736 wrote to memory of 1220	736	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\272ee3bd096f51c11afefc020efcd21b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff61f746f8,0x7fff61f74708,0x7fff61f74718
  2⤵
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6720944225823494140,12832009983730673574,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6720944225823494140,12832009983730673574,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,6720944225823494140,12832009983730673574,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6720944225823494140,12832009983730673574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,6720944225823494140,12832009983730673574,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6720944225823494140,12832009983730673574,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de9ce3f4d77452946f932c7f33d738e6

SHA1
0f26ab44cfe8b8d019f2a38c3925fd744aa274aa

SHA256
0d44d57edef7e97f910af87a32f98bd66acae28b9f906afa4d7c41f71c695981

SHA512
19ae21f73300adc888597349e2266a55b3b926f614adf189f4413512c9f8cf3551486f0a409a00a9581936129383c49f47045707601e41c5fdffa5b32e5a37af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
443ac8b4796813dece6d4e336af5dce4

SHA1
59e9e52a9ca1b96bf89272866ba5b5c92beb55a2

SHA256
c6d1f6f34e302d805f8508b547c4a46706bf958e9bae5b4b13e1951b8bc72de9

SHA512
e7a5bac7e82c531eba87d5f9a3cec0b02206fcb21eb43a084ca997cd32c22eecc0740489a60f0ebafcbb59aae70fa56d74b445d118fe0e557e2ab7169d0510e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2ab226033bd330aeaf6e3a0d31157410

SHA1
d4bbed8d469d4298a3e9b6d2cfcafc64962128af

SHA256
dbceb7ff2a9537eed539d3e15de1ed7112de76881abd8fbc528edcf85fb439a3

SHA512
49ee89956867426048e85f1ca8af09e3e9937f871e60c55cbf9a7850dbc223821004cb688b697d5d019c148b4dd18bb98264a8d0453dd631d7d0a506a5206d16

Download Submit