c3cbc0240f63a3f8327e7eec2bdefe9afd437c1342e588c3859b5a5d5c74f728

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 10:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a28a8140962ce9b7f57ae18563ad965_JaffaCakes118.html
Size

139KB
MD5

8a28a8140962ce9b7f57ae18563ad965
SHA1

ec7c26ef0ded4d412524f69180df96a4db894ddd
SHA256

c3cbc0240f63a3f8327e7eec2bdefe9afd437c1342e588c3859b5a5d5c74f728
SHA512

04dc0b79e86ad4b5c9dc7fd0c34515a38b1b9afa71c11db1e7bb6629fab878770ed9ab189d6df4629f9faa02d82066f8b12f3518c818f616d850f61dc8507f98
SSDEEP

1536:SwhNyTrVTyxxY/Yhfo4WZBS2l8yLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1o:SwhqBS1yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2392	msedge.exe
2392	msedge.exe
3324	msedge.exe
3324	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe
3324	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 4716	3324	msedge.exe	80
PID 3324 wrote to memory of 4716	3324	msedge.exe	80
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2272	3324	msedge.exe	81
PID 3324 wrote to memory of 2392	3324	msedge.exe	82
PID 3324 wrote to memory of 2392	3324	msedge.exe	82
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83
PID 3324 wrote to memory of 4932	3324	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8a28a8140962ce9b7f57ae18563ad965_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8daf946f8,0x7ff8daf94708,0x7ff8daf94718
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,1842830780954263961,15573754824578564366,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:2272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,1842830780954263961,15573754824578564366,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,1842830780954263961,15573754824578564366,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1842830780954263961,15573754824578564366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,1842830780954263961,15573754824578564366,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,1842830780954263961,15573754824578564366,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce3a2d852518edb632cef3119f6c9a41

SHA1
e7953f737852ca80764184d0c224026a27628819

SHA256
33061fd4796383835242f21f19612404045efb3b0680198f1c1cf3d053d61db8

SHA512
6aed3900d4268c7b2652d384aac51fad1c9e07c735252aabc5ef6a72906a1438e75ad869bf4af1980a21e8d4fed90ec6762e10ed6f4ed2fe4bb03fc42d2c0909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2fd5e5e7f279ddcf133b01046bbe77d

SHA1
b53f0ce5bd1145538d4244ff9aea73058056bc98

SHA256
94606cd79386d2fa2188c4b35737a681f4366aeabcf09c0827fad635e1e474e6

SHA512
939bd55b16d950aea96300c111a7f2ada7baf1de92f1d46e2acba3759b3b8b3e4b3b9861870ef0af89497308e415a71ea8acc90d0c0ba9cb8c3a60eec24cdab5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69869735272e7242446d31a22da088e6

SHA1
4e170f81c2aed60c327cd140675c550ff0fc1820

SHA256
6c5d2462e6d29f3d3dab756c9f9c4d5448e82f8f27b392b8bc03d4d8ad5b56cd

SHA512
56f33cda6fe2569491770b1c31314f5d34a7c33137b6d02bd33640cc07c0912dcd07b86519e014a9a44341bde57ae2ad300423877ab61e7078da82b37d2d5c2c

Download Submit