aba77f22b38dbe6327ac6034f0e80f531445eb83debfbe01762e1a7ab25a6088

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15/06/2024, 00:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

ac237735f5b9a8a79260a38f89a5186e_JaffaCakes118.html
Size

17KB
MD5

ac237735f5b9a8a79260a38f89a5186e
SHA1

39d0ad1a4d9b2d0a6f9f053d7234c9e182f64beb
SHA256

aba77f22b38dbe6327ac6034f0e80f531445eb83debfbe01762e1a7ab25a6088
SHA512

d3ca564579195bed7eacbd01579f365360e25b4436b65339ba094cfb7f1400c491d77d45a1786bb75d200a2fb96cca160d21b84c591dc756000a359ef3a5118a
SSDEEP

384:xMjWUFENkfLlUZZ+PwtYlEHgCET+1UQyFD1LcJboNydADgGpzb:DNcUZoYt+vQyFSezb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1260	msedge.exe
1260	msedge.exe
728	msedge.exe
728	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
728	msedge.exe
728	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe
728	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 728 wrote to memory of 1828	728	msedge.exe	82
PID 728 wrote to memory of 1828	728	msedge.exe	82
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1492	728	msedge.exe	83
PID 728 wrote to memory of 1260	728	msedge.exe	84
PID 728 wrote to memory of 1260	728	msedge.exe	84
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85
PID 728 wrote to memory of 1956	728	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ac237735f5b9a8a79260a38f89a5186e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f18946f8,0x7ff9f1894708,0x7ff9f1894718
  2⤵
  PID:1828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10705441154647719402,4023033847336237105,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,10705441154647719402,4023033847336237105,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,10705441154647719402,4023033847336237105,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10705441154647719402,4023033847336237105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,10705441154647719402,4023033847336237105,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,10705441154647719402,4023033847336237105,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ce826d51cb9de53063236d85d66af257

SHA1
2dd13bebbe60ca12a958b6cf26c8296ceadaf8e3

SHA256
76f75f8dc4e2d7ec37597ce2ac41fbfbb05f451fc4420cfb803a59ab203ac418

SHA512
e3cf9598886de94a4dacae0cc6ac6759cf8d1f4c757e5ed5cd0ae704cf4aa22ef4bffa6acdf1fc7e7db20850edabb63cf23460c6933e24200d8f6f3a0311fba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d62e8eba5ca3d22913736b81af60307

SHA1
ec66d294b7b2d11cd7dde1ddd565f072f0018303

SHA256
3f4c0435d07ee677e568c48af21b549ba57365f32da94c67db62c9f86390c559

SHA512
6d5efdb38d7841913ce91b82fc62f4757864e9351294a1fa28f766323c0b27ec34e22953e2b5ffdcd7cc5322e1afb6b4700ee2a7b363d03354b06bbdeb202aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7ec093983ef5bfefc1e10d996b7cdd05

SHA1
57da3b27b0260fb9063804184abc31c1255caffe

SHA256
6ef242a109d6cd1e4adb73409077245c516e68f65e2e2c32f2443d59666d8042

SHA512
93974744a38862e30b2d9afc624fddb9339342d65f32ced433fdbe0116542a7218385731ddb83425c6fea9c3cc9a476465f54c0c19fd91edd39803c39133b0dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
713b851180c3876adfccc5286b9c3e76

SHA1
87fef2153ac35bcaa394f9a0253385dc29c3abd9

SHA256
0f1dbfbae2ddd8c7c30143033e30e01ea0949db0054f49e339cfd58bdde115d7

SHA512
c38ff6d80347a607c056b69cc814742db70e20d6050c19bbc710b38a8550131ba3f0738cad9b6fcd7b5c31d03dbfed3f5f9f3fc8246284841fd2f46958e3558e

Download Submit