31868931ec6eca173bcc61fe30a65c7610eba919d7a6a710db300b0fa67e955e

Analysis

max time kernel
120s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 23:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

77340b15d9e7aba67927071f8ecd5a13_JaffaCakes118.html
Size

3KB
MD5

77340b15d9e7aba67927071f8ecd5a13
SHA1

81460f51e285006ee913d8ddce926a10c2ec4011
SHA256

31868931ec6eca173bcc61fe30a65c7610eba919d7a6a710db300b0fa67e955e
SHA512

70a3343aea4be5112f1410cd23b1883107299b281518a51e5469831ab7d432a66c3de8cb1c28725ce18967868b3f65218a1ebe704662e8acb3d959b98344d4d7

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe
3516	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3516 wrote to memory of 1604	3516	msedge.exe	83
PID 3516 wrote to memory of 1604	3516	msedge.exe	83
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 3880	3516	msedge.exe	84
PID 3516 wrote to memory of 4248	3516	msedge.exe	85
PID 3516 wrote to memory of 4248	3516	msedge.exe	85
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86
PID 3516 wrote to memory of 4300	3516	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\77340b15d9e7aba67927071f8ecd5a13_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd6f9146f8,0x7ffd6f914708,0x7ffd6f914718
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15214382048141195053,1783255735835930773,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,15214382048141195053,1783255735835930773,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,15214382048141195053,1783255735835930773,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15214382048141195053,1783255735835930773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,15214382048141195053,1783255735835930773,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,15214382048141195053,1783255735835930773,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:4948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b759887454b184f69fd77a81cecada1d

SHA1
23ca179b4a4b1504dc31dd659dc3ccd4ba871f07

SHA256
660e0c94e1f3b8a96794773e3c7fc3b5740b21828ae732684341995b0e20c4a2

SHA512
f48e25caa4a2683530320b753b76dffd16506ebaef61830ebc134412b0727010058871a0ad162c4df03c79bfd9b9bf7d8683b931562067bfdbd1008c0fd3451b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8164e14f1207e26f8356eed125955fa

SHA1
6b8586e678e29ceb91466b03a3fddbb1ebd66e2e

SHA256
c0f3b21b40caba18249dc65f509c31febf30f952abed7e1b1838fda264911262

SHA512
c885d344a09c02c487dfbd016611dbe2612c1a9b7d909fc85175f236009fe91e870a17cc9a7a13e410f8c24567de64c7fb74c714d66dab5367b0732505d8e5f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d61762ffa4fd4d39d45e2852bb5f5471

SHA1
2ef15d7619d9c74925a485d62506cb60ddf2b7e4

SHA256
5bb8822ae78b3e716b2266ff1fb9bfdf1460a246af1cbe058f4f37c3990d9b12

SHA512
8aef15c1cb476e99cff1f250f491fbc7f39bc90660060feaf25e0508534bfa9a17b579279d77db1a3cc5f141b87a6e3aee75efead28a1691b7977940153c7c2b

Download Submit