0ef9fc1ec0d53252ba64d7b3caeebb422bbed5344bb200bba3e727ee495a1353

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 01:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2cc263a7d8809a3625e9144ce969750b_JaffaCakes118.html
Size

158KB
MD5

2cc263a7d8809a3625e9144ce969750b
SHA1

e6b1745c3a2f41a741b08d81b74958fd691962fe
SHA256

0ef9fc1ec0d53252ba64d7b3caeebb422bbed5344bb200bba3e727ee495a1353
SHA512

2143f9795cb96a33eeae73e6a08375bbf90de09d31f6f6846952a23a518df649f01c33a1d502bb180057290d7f6343f7f822a0a57b21378eee88f724d01d2277
SSDEEP

3072:SXLYeGenp+GGByfkMY+BES09JXAnyrZalI+YQ:SXhFp+GGEsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2232	msedge.exe
2232	msedge.exe
3004	msedge.exe
3004	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe
676	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe
3004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3004 wrote to memory of 4712	3004	msedge.exe	81
PID 3004 wrote to memory of 4712	3004	msedge.exe	81
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 4480	3004	msedge.exe	82
PID 3004 wrote to memory of 2232	3004	msedge.exe	83
PID 3004 wrote to memory of 2232	3004	msedge.exe	83
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84
PID 3004 wrote to memory of 2776	3004	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2cc263a7d8809a3625e9144ce969750b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c3c46f8,0x7fff8c3c4708,0x7fff8c3c4718
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13892347353745891975,5470976795869791576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,13892347353745891975,5470976795869791576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,13892347353745891975,5470976795869791576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13892347353745891975,5470976795869791576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,13892347353745891975,5470976795869791576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,13892347353745891975,5470976795869791576,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:676

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ced038d694b0d29b33fe7e966a9e3457

SHA1
6d7e7e589bd1a3300ef3830ec2fa3ab1d104d3ba

SHA256
49d1cb139da69a930c2d1e213c16d8470b76f19428794771fee21828224526b0

SHA512
24d2e2fe6882bf21ebac7fc30fb923ee1be42a6b20311320d890ca28b3384206028c4eada3a02f04baab598748021ce58744e24c5bc12382e7e3e292fb7ad93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
495ca00065a030c8232d8872055eb6d5

SHA1
8335b94910132ddb5964a386603b9c451ca6dba3

SHA256
2c5313dfb6580588c6c7b11c19e02947699d0f322706c6379094949f2d483a81

SHA512
de63bc147e8492e6b9f55369b4a711c9f700e6de63b3f7367ff8ba37790e2cf2ede07e8abaf472fb9bb9847e1c6e2509d8fa388c13e4fcd3ae57dbc39b256649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bfebae7a8a09777eff2754dd90d260d0

SHA1
628eacb70f6d6d3874edd24a68f5e35ea4a51f07

SHA256
bf33c71bc0eedb5b42777d161c3de7d74282829441c09a3151822aa7579a03cb

SHA512
e91f661902cfcda23df1217f54a1d951d400ede019b1376406e7389d35cdfa7ff6949b1f7c5e22ad3779f9d0dbc8be156190528afabff5be350efb3e61055533

Download Submit