26a80232348476bfe52bc886899f32b739d360674171036b60602e8fe487a4c8

Analysis

max time kernel
145s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/05/2024, 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

322462d6f21a6f18107768f2abf2da22_JaffaCakes118.html
Size

130KB
MD5

322462d6f21a6f18107768f2abf2da22
SHA1

cfaa8022b9621a0eb99e320d8086b848ef1259a6
SHA256

26a80232348476bfe52bc886899f32b739d360674171036b60602e8fe487a4c8
SHA512

1dd12aaffba42dae442b76ea59ca8f2ebc4261acf4408d9ca39788eb0af7705b520787a64879ca2f5bbd5c7c52f0d481065cacacd8b821a776d1f08a4da54c81
SSDEEP

3072:6cDwoemU3yfkMY+BES09JXAnyrZalI+YW:HsMYod+X3oI+YW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3240	msedge.exe
3240	msedge.exe
1968	msedge.exe
1968	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe
1968	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1968 wrote to memory of 3220	1968	msedge.exe	83
PID 1968 wrote to memory of 3220	1968	msedge.exe	83
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 1528	1968	msedge.exe	84
PID 1968 wrote to memory of 3240	1968	msedge.exe	85
PID 1968 wrote to memory of 3240	1968	msedge.exe	85
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86
PID 1968 wrote to memory of 2628	1968	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\322462d6f21a6f18107768f2abf2da22_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99cdf46f8,0x7ff99cdf4708,0x7ff99cdf4718
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5294685704771339561,6123217862429245059,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5294685704771339561,6123217862429245059,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5294685704771339561,6123217862429245059,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5294685704771339561,6123217862429245059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5294685704771339561,6123217862429245059,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5294685704771339561,6123217862429245059,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4748 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\53a463f1-2f6e-4fe7-8eda-43570cf30757.tmp

Filesize
6KB

MD5
0c8a89f6a29282e817421fb85e6f86cc

SHA1
f48d658e81321bd90c5c212316412140979261f8

SHA256
3c48d0be1f54ef3e80a0c55e8b83feba2fec29ff93eaecb843cd4ddfee05c688

SHA512
82acb71c0e1ecb2b079020185754e6cef407f3577613592851430ad55b2d77b38c2eaa087f04ca7b535fb49a6766b86261b3f4d99973d554d12b7f32e4b5e5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
29c536a003616ff788eff5a3e72e4208

SHA1
611cb218a92ce1d4738a8d0a1283df0bd4824f23

SHA256
4f67fa08d58b0d51f1afc1445769f803f8d53a8bc238af7e1d1a9bfb212b5ecd

SHA512
007aceeb9ec45b3199916f3f2261f26f6f95d58493c8f1deca249d3ff6566c6b36963792b32c41f24a4f0a8fdb015a146825e1a754e7d23acd7bea86b5c76454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03955bd60b765734fe0ff4c6bd04e889

SHA1
34216808f1799a8f3b0379b39de2094948282284

SHA256
a21849364949d9405d0d8ef064d816024ae98a6d02785436b4b865e6ab81e472

SHA512
f68a9c094a2743988f079e3d13ccc8b73e46a36386e0ae584e5e7a0be64924ceb744d4bea6ba798a710c03c813acf556a841ef73bcb2158335f11ff075c6b0b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3aa0ccd1b6b014c933d44fdb6d9b679a

SHA1
0465c9e750467106e2d42c22ed07d2188098034d

SHA256
9cead0aabe5b93dafb6ca4dc2e555d19df795719534b644bc085ab29a24cd130

SHA512
14c2dc9eff0a990ee3d4b74f5f05dbf60d4dcb3bf38af44325c3f8d5845ebe0bb34dfa55f8e00888b23583d421fd05d5fc4d738f1ab30ff7b8ad4c808406ccac

Download Submit