d71d74eabb40a44714c35689c1d1f1f627f2814362ef0c541499b4ffa67a9339

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b13e92ff48f4fa19aedd2b4b4e37b5ba_JaffaCakes118.html
Size

18KB
MD5

b13e92ff48f4fa19aedd2b4b4e37b5ba
SHA1

a6f4f9a29e1aefd2d41747f203412c23c21a02a2
SHA256

d71d74eabb40a44714c35689c1d1f1f627f2814362ef0c541499b4ffa67a9339
SHA512

00566a7624fed6aa5bdc74a529df7ce8fce8e4f7789f489b7cc03268c6538c6ce1711db02c9ee1c239a81beae66a6313e8e226dce73a79b3ddca53b3f5b9c0c8
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAI448zUnjBhoC82qDB8:SIMd0I5nvHVsvoRxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2040	msedge.exe
2040	msedge.exe
528	msedge.exe
528	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
528	msedge.exe
528	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe
528	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 796	528	msedge.exe	84
PID 528 wrote to memory of 796	528	msedge.exe	84
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 1920	528	msedge.exe	85
PID 528 wrote to memory of 2040	528	msedge.exe	86
PID 528 wrote to memory of 2040	528	msedge.exe	86
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87
PID 528 wrote to memory of 1748	528	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b13e92ff48f4fa19aedd2b4b4e37b5ba_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd15c846f8,0x7ffd15c84708,0x7ffd15c84718
  2⤵
  PID:796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11421885351502876762,7422888007100393358,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2052 /prefetch:2
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,11421885351502876762,7422888007100393358,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,11421885351502876762,7422888007100393358,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11421885351502876762,7422888007100393358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,11421885351502876762,7422888007100393358,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,11421885351502876762,7422888007100393358,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
315965eee3ebdcb4627918cd3a5f478c

SHA1
709f55df3a66736f5d2966b761a2ebd7df0c2252

SHA256
189c43cc5ab0fd09aa6c4071c3022ff7e32d96647bc69fc2e986d56e6284a177

SHA512
949c9dd9b9ca8fafc46cdf87e0417913a06fc70ddd32dd4ab6f7deed71f882a78dc50691a19f012f826cddb95ee7ff810a944e43213032092c19c3c7b385262f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
83178e5308bbe049f028e02658389714

SHA1
d7de7debad5b193cadc9eee0b018634226547817

SHA256
1847c6b1772209ea3bda7a422f2c6aa82322ebec2c913c0494473ea622738e0e

SHA512
0011e59bb39678f49c84d06117666d5c1ba50b9a5545f3c5d8139f5165c09330bed4cabb3e8ef27a2d6e8de31b68db7b3b4047a4d9961a31773229c1431f18d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17593e4f01095166c625431b40313ebf

SHA1
9ca3f328db00958a6fe1ddf9633cad099b60c506

SHA256
37bfba60a91f300b39ec84fbbc6e1ca952a2c03b600f2fa72c429f455376156c

SHA512
5111ffe5c4462720476affc0d60629fc8db71b46dcf13ad24071099535f4b78b619e13087a44811a1c07ad0f5afaa589c47c3fdabb46c57b8b67e46a4c79d259

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2c1e8ced5d14e4b53b909f7ee9fde2fb

SHA1
fca0268c75a0303b99c0cc0ad93f5f3df55ed805

SHA256
d1d1b78a541326acf066aec8be1d0a611b71050d8a30a393feffb7dd2adcf8ec

SHA512
2ffa044c319b136fe280dcfbbb953f3c2d874817ee6e2e596f60f5f9e9efefb3824d44b0020933dd3d30ebef63a8effd271b9029c18ebd56fa511f19badff71c

Download Submit