fba76117ad3a4cdf14c84e4b4a5f45cecff4354b07b10456d26744b4f8bc77ff

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 06:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28b2eb0cc905a94c783d0687e1ac5c3c_JaffaCakes118.html
Size

18KB
MD5

28b2eb0cc905a94c783d0687e1ac5c3c
SHA1

8b9e82e4bf718e6505500b71fb3113f980885ed3
SHA256

fba76117ad3a4cdf14c84e4b4a5f45cecff4354b07b10456d26744b4f8bc77ff
SHA512

e1936c3f4acaa766e09d3166a03c12f9257d907dd053838ba15ee4ad1e39b871ea0abeb6832395bf39311bb2dc72e85fb9c9ffa359749bcdae7224793ac9300d
SSDEEP

192:SIM3t0I5fo9cOQivXQWxZxdkVSoAIP41zUnjBhn582qDB8:SIMd0I5nO9HlsvnSxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1068	msedge.exe
1068	msedge.exe
3704	msedge.exe
3704	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe
4396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe
3704	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 3244	3704	msedge.exe	81
PID 3704 wrote to memory of 3244	3704	msedge.exe	81
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1064	3704	msedge.exe	83
PID 3704 wrote to memory of 1068	3704	msedge.exe	84
PID 3704 wrote to memory of 1068	3704	msedge.exe	84
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85
PID 3704 wrote to memory of 3064	3704	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28b2eb0cc905a94c783d0687e1ac5c3c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffa7cf46f8,0x7fffa7cf4708,0x7fffa7cf4718
  2⤵
  PID:3244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5220738844079818330,1891895537151170804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2028,5220738844079818330,1891895537151170804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2028,5220738844079818330,1891895537151170804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5220738844079818330,1891895537151170804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2028,5220738844079818330,1891895537151170804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2028,5220738844079818330,1891895537151170804,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c6e22851cc9edb3dda4e239bd24a6e6a

SHA1
3ea5ee6ab1f5ff106f467710cfd19d6f1e5dc12a

SHA256
4bca521a25d58c920fb983f7beeb5b974b0f1cbc1ab304e21cd7884a8fe35a59

SHA512
0e5d5673ab7b0d32332e26f80bc83df0d95656539421362db80328b89b96f6a954eb3d710fac1d47154989bb103c7db87627aea15dc1dce1b58cdb78ec0e5928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
970117573db8f2ca747d6393f5a63d08

SHA1
bc0782ac4d15307669363f7470205d418c6d5b96

SHA256
c919c8cfec5af9810b9bf8db01f7ab2e775bd719a4d79192767e0d0733d0f7fc

SHA512
ed83df1fb573d3a6aaeea6d80e9c42d1647708d313b4ed5b193797d61d0f4f9a78603d185642a1a8a57fe46e1fb814800d13de1689679e36bb8d07e16e3b0e06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
95d513da221aa61b601311125bf01851

SHA1
80af5be9762933e4ad2fa8565cf84c1846736ec7

SHA256
bfa86bd5939fcd5ad33d1608457340abd9e7a211cd04b90786ccef1f23e255ff

SHA512
e51c47eb0e508e0ad17886cfecd134d8f6d1acec4eaa4c19528347c87ea43998c1f7f0a3bf44ca47b39ebb7bbdfe1da033fbfde5db4effad144edbbc73269811

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cf81c3264804a2600188771a04fcf9c8

SHA1
b21e71d3b7b9574b334598859b72b4c15ccdd694

SHA256
4cbb497d901af2c208053cb00263601dc3e351c5b6c9ad10875542103c5d7b53

SHA512
96b81634d04d08a37fb5ffcee0dfab0c7115a5c846e37ac7887cdd47226c961cdb9a94b8f11fb08ab5e119f9f42390446cb78d9c03852b3e39f688df1ea2e913

Download Submit