27c268461574294df7c14e0bbcc67b57c6816cce0fbaf039b1081d3579707ea7

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
11-05-2024 05:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

330dcb287fc7264cfe4bea75d9f4994b_JaffaCakes118.html
Size

220KB
MD5

330dcb287fc7264cfe4bea75d9f4994b
SHA1

e4d75b2e167925002fce55ac05851a9d8da1fbc2
SHA256

27c268461574294df7c14e0bbcc67b57c6816cce0fbaf039b1081d3579707ea7
SHA512

9d8e1bd62642cbad100dfff4f2e790df5acfddb1ed634c3da9725a49d3ee8907d3663f6519ed8b790030f921ee4da8e2973fe23225fd404208b16a0a746d9122
SSDEEP

3072:SHs2cYayUrIryfkMY+BES09JXAnyrZalI+YQ:SHDovsMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
1580	msedge.exe
1580	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe
1580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2248	1580	msedge.exe	84
PID 1580 wrote to memory of 2248	1580	msedge.exe	84
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 4100	1580	msedge.exe	85
PID 1580 wrote to memory of 3804	1580	msedge.exe	86
PID 1580 wrote to memory of 3804	1580	msedge.exe	86
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87
PID 1580 wrote to memory of 372	1580	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\330dcb287fc7264cfe4bea75d9f4994b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f44046f8,0x7ff8f4404708,0x7ff8f4404718
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16126461910543405379,6177953216476647030,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,16126461910543405379,6177953216476647030,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,16126461910543405379,6177953216476647030,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16126461910543405379,6177953216476647030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,16126461910543405379,6177953216476647030,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,16126461910543405379,6177953216476647030,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bb74143e79133a3afece86db9ae84ab

SHA1
d511508fb0e8516193fced4a7c4fab8599d7398c

SHA256
9534097256b9460fc982079b70ac3969a4c7b73ca4bebbd6cb44b6f6f598ebf7

SHA512
3f20b758bc8746c5770c57ac4d34a2719c74ddc260714067f4d57a6440e04bc59aceb28025d6f6cfde2620fa9e0776f584abde9fbaff66f644bcc27d9ee18b34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
aa142eda0ffc751fac74867d1f3116c5

SHA1
424f391600843ed6a39f44aad63eb9fc11118e88

SHA256
055ad83a8fe30a3c97addf99ff27b8f3308d585b4cda7d86c7e5689592fe3160

SHA512
ef41d6ae94c4eec5bb0db7b5fe7b2f05fc54a9d11c43ae1e249c19f8ae937c767ba8b576001840205e034d0d3670b908893bf88872490757248625e11444162c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b672c968fb69fb522695996e72e1c292

SHA1
24d864fea3b407ccf3698d29c182eb94779df410

SHA256
3dde1b68578d69051a14a9220446747c9db60432b0a1b882328ee0a5b721834c

SHA512
68f1bdfa0bfecef4f4422c06a5c24b2c804d0558807c7046d627e72b6d8f2e1b803821762b787d0d3b28e9f10ad0928459bc0f9a0f82c0ef4ea77cf901050c23

Download Submit