c1635f029ceec8ba11bf8a84182089017ef3cb03c3dcbba053b3e06f58308404

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 03:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

22fba7b85b400a4511c6b1b00bf7929b_JaffaCakes118.html
Size

220KB
MD5

22fba7b85b400a4511c6b1b00bf7929b
SHA1

d8ad3f6eb364771603a7cdba460a8ca8594747b2
SHA256

c1635f029ceec8ba11bf8a84182089017ef3cb03c3dcbba053b3e06f58308404
SHA512

0b80a892869e517b6b6025818858d106023dfcbb5476fcd79bedae82952b0100c32b1c5b0c0f9015908082ae583c7501ac6d5c6aa38a41a087e0fee0cb17277f
SSDEEP

3072:SF/7x1aRJr+O6kyfkMY+BES09JXAnyrZalI+YQ:SFjOr5WsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1356	msedge.exe
1356	msedge.exe
4560	msedge.exe
4560	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe
1256	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 1076	4560	msedge.exe	84
PID 4560 wrote to memory of 1076	4560	msedge.exe	84
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 3684	4560	msedge.exe	85
PID 4560 wrote to memory of 1356	4560	msedge.exe	86
PID 4560 wrote to memory of 1356	4560	msedge.exe	86
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87
PID 4560 wrote to memory of 1668	4560	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\22fba7b85b400a4511c6b1b00bf7929b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb784b46f8,0x7ffb784b4708,0x7ffb784b4718
  2⤵
  PID:1076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15591986205552197461,16812708295808476199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,15591986205552197461,16812708295808476199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,15591986205552197461,16812708295808476199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15591986205552197461,16812708295808476199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,15591986205552197461,16812708295808476199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,15591986205552197461,16812708295808476199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3588

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8b685c3d60332c938efb77044daeeaac

SHA1
f23b5e5062d0e8b43d6ec6bb003a2fe468ee5f8b

SHA256
bb609085843b824b8766ca1c42394c82f7710f0708e523a92dc50fe85f3113df

SHA512
194f6aa28e5987e8d3c286f7b3a8ec87a97a8fc9d23700e948c2b351a8a9e592e385bd2791d0165b9366a39a26c957072ab148dd099bff169a67e3f31f95474e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e9bd63849670e3c43cf8784b2edf754f

SHA1
0d0737053c5a59500a1dd464fa26e71ec3bd3156

SHA256
10359077d99a80a57bb9c472e62ff27e3036fe18c6e9d9076caff7796b627719

SHA512
703c91e1552f4ff508ba08093c8275feaa2fa754b70a2826247bca45eb6b2da1240b069df812983340655768f5090effa26af8f9be6e2ef7bfa10c97db7ce65e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c6719ed74dd6954702ce376671772c91

SHA1
1f479389f99328398c168100a9ab881672bd6a9f

SHA256
351c7849e22d13f70be87b974db4dbe4b45ee12aa5761b7dd846d266acb043dc

SHA512
1a52aee8a0c9e0022cc0720af181c7426abca89bb253e56e5cdc15a3426c085fdb4835c57044e5d95d59d344b77c397abfe206c4657c1373b5841520f0678ae7

Download Submit