248178b97af08f16cb59331b7b6804c4bfbc98908a19df7cee050df071d76d3a

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 00:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

275b2bc8884733d8e32c55f4daef62a7_JaffaCakes118.html
Size

139KB
MD5

275b2bc8884733d8e32c55f4daef62a7
SHA1

3359feb88ab4d6390ed85c78ae60e73d59fef605
SHA256

248178b97af08f16cb59331b7b6804c4bfbc98908a19df7cee050df071d76d3a
SHA512

4a528a6e2c42c5dcfd15b6a0c8d18ad819805614614c16ed66ddd9875b6f10ab704aa80d77f7fba570e07142091586ee585ac0e0df4787008a0e7218792195b1
SSDEEP

1536:SMt9jHzIcwl5yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3oJrusG:SMt+yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
220	msedge.exe
220	msedge.exe
2464	msedge.exe
2464	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe
2292	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe
2464	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2464 wrote to memory of 1400	2464	msedge.exe	79
PID 2464 wrote to memory of 1400	2464	msedge.exe	79
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 2828	2464	msedge.exe	80
PID 2464 wrote to memory of 220	2464	msedge.exe	81
PID 2464 wrote to memory of 220	2464	msedge.exe	81
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82
PID 2464 wrote to memory of 3728	2464	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\275b2bc8884733d8e32c55f4daef62a7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff089646f8,0x7fff08964708,0x7fff08964718
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3775506914924085781,622144190453514460,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,3775506914924085781,622144190453514460,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2496 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,3775506914924085781,622144190453514460,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3775506914924085781,622144190453514460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,3775506914924085781,622144190453514460,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,3775506914924085781,622144190453514460,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1404

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5603be6c5a5e68583d10ab5684943c36

SHA1
f8dfccdd60a127f2f4b950d650937cc5e05a1b37

SHA256
00a05cb2e1fe9e841e2a9370409b4a39464f6fd01e95a447c4e9a775385f6278

SHA512
26a3ef52cd111410e31f39ea22e7a73f0a2a3c3b431b4e099400a31f80bd4d7faa4aa8b41966910804973a1629fd04870e79aaf832ce9e300e8fb1697bc7b162

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22432b51fc2e8c43b4c46cb318bd0d5f

SHA1
9248e97fdb04d54bdad5f0869f9d68810705e8da

SHA256
537392f977c37d6a7c4f1272f600aa56dd45723c31926644b9ef58f8804d43b6

SHA512
2d45f4167f15ffda165e444171cd911ea424a3e6d395d58fe6d5cd751c8a9fc1982ae6ee95488d543cdf113fa8bd1567fb3885dbccc758bf8f15145be9ddf5a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6f9827e07c10271e774cb9a8da614cbe

SHA1
9ca33d6cf9fa47a4ea87d82d162baaac1656cc30

SHA256
9bc0f90336d93b987d15f340a5f1b31b08c9f1637635b333414c77f9830542d9

SHA512
332753a224ba9c431ffb4fc6a834e0b63a6e9450c1af1869eff972f573e97353744ebfc4bacc29eed63d7503cb18ee62de123b5d2c1e8f38eec0d7421bd96b4f

Download Submit