ae1b4318c8b71504ef1e000e55d262222e6a17c0eb4985eaab4211f9d73da91e

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 07:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27c801561a1f1d66c923e1fbd400fb1c_JaffaCakes118.html
Size

238KB
MD5

27c801561a1f1d66c923e1fbd400fb1c
SHA1

5325dbbf03dbf889660918207e9a8f89b6093dec
SHA256

ae1b4318c8b71504ef1e000e55d262222e6a17c0eb4985eaab4211f9d73da91e
SHA512

998bf9156d970e12ea9b479db75a1124e4d9eaae516480835f5f0b84bf6a1bd16dc78d3d212ccedaac14d6d36592ef347fdc2dbc2999287dbffd69f1c5c67a80
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcVNTHA9afLamw8llW6cZ5A4+4p:sG00LXlW6U

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
4044	msedge.exe
4044	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe
3628	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe
4044	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4044 wrote to memory of 604	4044	msedge.exe	82
PID 4044 wrote to memory of 604	4044	msedge.exe	82
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1460	4044	msedge.exe	83
PID 4044 wrote to memory of 1236	4044	msedge.exe	84
PID 4044 wrote to memory of 1236	4044	msedge.exe	84
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85
PID 4044 wrote to memory of 2684	4044	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27c801561a1f1d66c923e1fbd400fb1c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa00da46f8,0x7ffa00da4708,0x7ffa00da4718
  2⤵
  PID:604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10340454804665199544,10220497716712888176,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,10340454804665199544,10220497716712888176,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2396 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,10340454804665199544,10220497716712888176,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10340454804665199544,10220497716712888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,10340454804665199544,10220497716712888176,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,10340454804665199544,10220497716712888176,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a27d8876d0de41d0d8ddfdc4f6fd4b15

SHA1
11f126f8b8bb7b63217f3525c20080f9e969eff3

SHA256
d32983bba248ff7a82cc936342414b06686608013d84ec5c75614e06a9685cfe

SHA512
8298c2435729f5f34bba5b82f31777c07f830076dd7087f07aab4337e679251dc2cfe276aa89a0131755fe946f05e6061ef9080e0fbe120e6c88cf9f3265689c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f060e9a30a0dde4f5e3e80ae94cc7e8e

SHA1
3c0cc8c3a62c00d7210bb2c8f3748aec89009d17

SHA256
c0e69c9f7453ef905de11f65d69b66cf8a5a2d8e42b7f296fa8dfde5c25abc79

SHA512
af97b8775922a2689d391d75defff3afe92842b8ab0bba5ddaa66351f633da83f160522aa39f6c243cb5e8ea543000f06939318bc52cb535103afc6c33e16bc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cec066006b73aafe13bc1f9db9348a39

SHA1
73162365f7820d13848f0b9beb99fca181bd1d6a

SHA256
7d072036b7597359cd49b24bcd69a57a0359e847a9589ba2a9407ffbebd06859

SHA512
a9c689075c9e660dfcac7c9f0d0a3153a3bed7b1d9ea7919bae36802b49fe58d39c7b5ab3a6a83aa61ec8b99890aa838923fe3847e960d0362f51b30c5109f58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
981e17c1e95d05bdca7ff7241e769dc9

SHA1
dc3be45d970991b949a9c9c2a8635e6a5e18eb01

SHA256
e4a85ee57b385710c73e014de5280120134e9a1443f22b30977ae575ed5303fb

SHA512
f1e3cdf9f0f24ed48fc612a26491d37ca409f286c77bcafc6663d62d0d5b489b131df4bb3b12b05629e1a63050435f872b1a592f30b0b5faa59b11e7d91cf7ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3d2e37e5bed71d7558a2d3cb442bd202

SHA1
44d6b5a201e27e85326cd55d7fe64937d4c734d2

SHA256
565c1440735d3729e4f5cd917d708d9a74c6d3d8026143759d869eaadb93f251

SHA512
e6248f1f19c82abbb4f83c98ce01ba1faab2087ee9075b18656d2cdf84b84fed238eceacebac78009639d7554c0f1b41176ddc13591b3e0f84f2c22126405b69

Download Submit