c448b43dd70afd606eb1002e3bf681aa991b8ee60a8399651908a7c5a160b771

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 23:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

272f06322a9873c5a5b7ad310ce33178_JaffaCakes118.html
Size

39KB
MD5

272f06322a9873c5a5b7ad310ce33178
SHA1

6554ebb9a2baf43f56d40559fa78dbb58114a024
SHA256

c448b43dd70afd606eb1002e3bf681aa991b8ee60a8399651908a7c5a160b771
SHA512

1ce6a9d82074f7ace967fcbc8578efbef8e278fdb0d197f399285b24ea67af09311ea4af926d9e433d949ce1dd8a8259effa68619e0c96f64ea8004a9eac0e7b
SSDEEP

768:aIwInITsXTXmh7fIJu7fIJoOcNgxTJV35G9u2Z+KvmvQvVqIxlMv+V5EcF0krRmi:HwInITbh7fIJu7fIJANgxTJVJuZJWWVv

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2460	msedge.exe
2460	msedge.exe
3440	msedge.exe
3440	msedge.exe
4840	identity_helper.exe
4840	identity_helper.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe
2904	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 3920	3440	msedge.exe	80
PID 3440 wrote to memory of 3920	3440	msedge.exe	80
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 3312	3440	msedge.exe	83
PID 3440 wrote to memory of 2460	3440	msedge.exe	84
PID 3440 wrote to memory of 2460	3440	msedge.exe	84
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85
PID 3440 wrote to memory of 1580	3440	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\272f06322a9873c5a5b7ad310ce33178_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0xdc,0x7ffdf58f46f8,0x7ffdf58f4708,0x7ffdf58f4718
  2⤵
  PID:3920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:3312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2212 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3964 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,10850391396849116636,15742964282920086646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4856 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ec004f8217228e8f303fd7c7e41360b

SHA1
366528b348e2062b23706fdaf10ee6ddcadffa20

SHA256
2e33350e2e1846041b21c206ed65327cb593d01ffed0c15db3b7cfbf86f2442a

SHA512
958f5dceaf718948f0a63b485a4fbfddce5b64cc8a20c9b9ad751c18ae866a3953159f58b7092361e911b152d9d4b8eec721ffa116c8286b6790bcdde2a5a683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
853a139b144efb2c427d9209f8b61114

SHA1
a52452910d487a0b686f1af09ab5208956e12a71

SHA256
aa6674cb68d63dc26c24ba0589b13da2b3fd1edd84b37938977fffcaca38a05f

SHA512
16a4f686ca89550828bd1e87d4d8ec4eb49c76692c4e0e21206fb9e3fb19170dbe1700cee81f59e24ec11fbd96189bd64b86a0f0efdba6c6e38f62b97914def2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a61d9fe463cd76f88cca1322333ca03a

SHA1
2c7e233dc977b1591ad9dad104294ac976ebc398

SHA256
791d6c42b7eece891f8f31538ff5cb298ffe71ad6486b570190a2419723af3ec

SHA512
86ad162dbe7fba9ea663fa664402066afd3324bc3c178407ee612359d0dc148938a2be542c6cfac8ef2cd669472956e364a6068987481ef741cca745e4e537ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4edcda965a159e2f598beb15a4df0fdf

SHA1
3c3be51a6d2380de1c6326fc14b0a3a7c9af0b36

SHA256
d64f3e6211c1031d8bbbf18e8e988106d76e43536c53c7d21d44e4c6693252f7

SHA512
d46f5b6c9a8ceb0fcf878aca0b6950667b942a19d8763af496c128cfccd5133210881d8e73b389e3a9ff955c1cc3f86341d458166df25466081044976bde619f

Download Submit