68dda83f15afda66e5ab2f8f0049e9cfb0b85de3e7947fc707842598393a38c0

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 16:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

28c7d4cc718473950c3dbea20a6e2f7f_JaffaCakes118.html
Size

32KB
MD5

28c7d4cc718473950c3dbea20a6e2f7f
SHA1

30450b1db157cb47fa0795ca46349e3885eb61f5
SHA256

68dda83f15afda66e5ab2f8f0049e9cfb0b85de3e7947fc707842598393a38c0
SHA512

baf621d6ace937f21f40073a23b54dc8571b57aba345e72513cd3c8d7520b3b143fc3854325a9760db3b38229aa8a4bb9c30dffd3be6012a2305dca0f27cbe37
SSDEEP

384:zXzawbfl/LqH0CViXyCwKGoDdhkyh6t0NdgBShZdtJbwr+HOanJH/M5QrBtZHt8F:awbBLtiFoDbHfsr+/Ht8dPz

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2652	msedge.exe
2652	msedge.exe
2676	msedge.exe
2676	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe
2676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 4920	2676	msedge.exe	82
PID 2676 wrote to memory of 4920	2676	msedge.exe	82
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 1492	2676	msedge.exe	83
PID 2676 wrote to memory of 2652	2676	msedge.exe	84
PID 2676 wrote to memory of 2652	2676	msedge.exe	84
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85
PID 2676 wrote to memory of 5012	2676	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\28c7d4cc718473950c3dbea20a6e2f7f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff93ef346f8,0x7ff93ef34708,0x7ff93ef34718
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,14090519758970042268,12756680019653194457,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,14090519758970042268,12756680019653194457,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,14090519758970042268,12756680019653194457,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14090519758970042268,12756680019653194457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,14090519758970042268,12756680019653194457,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,14090519758970042268,12756680019653194457,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2656

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
49fa2ff6a330662f5284e7f63db46f4d

SHA1
0bc3fdfcebc8cd833afa29398326f751e5010d97

SHA256
c236e5fc8124d4180637d6a212a4c1acbce1f4076063adcf80789bf0632ea2d5

SHA512
3ffb75efdf9738a0637b51dfcc369d5cfa41f0e059166ceb8b6e1c45fbcae9c9bb8ee1cb6b0efc2f8bd0473fe0f73c83e38ebde4daf5f2e1816af9bbf80d62a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
30eb9999ca9382d32cdf393d7ddda778

SHA1
b47821e5a549b9cad8f4a1542e0c353ef162c7c1

SHA256
012b1ae987805a059b25be48f0173d3dcbd5a7c7590a3fa025c638fb50bec50c

SHA512
7284053d47b79dfff0c77c209b995ef5afbe9a3d7b66474689cccbebda87076f39187e7508258b6f9bc24227b9d468cfbbbc9eebaf77fa2af9de5bf9a5e938cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4591a9f2c07901f23500880f983a7860

SHA1
093cf3ffcf232ae4f00c17d7a77a851494b5da5c

SHA256
4bae84d5e2d98f0f0b04806c6df8bee29d2f9c7b2d616ce49ac5033bd5662ad3

SHA512
001bbee046a18868a61af8161094408861515dbd39b50c08ef1172a34f04c787a2e24643fbb07d71e32a31a523bf75da464823d5695351459226de86b068f012

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
557ffb73ddca7d33aa6b7b692e435a89

SHA1
8e68f7e861c69af7b5bba39b6dc6dafbfa23f3a6

SHA256
9d3400c76f3bcfcb6af06efefd265ff722bb0ff4538e4761738c6d8e090a2de6

SHA512
925ef1437da8bf560668b03a775c0504655d01085fe33bd7663aeeeade9ad553ce0355edc2b487f79e9487eafa1bae62ca6d4d6aff08f2f515808e38648a8d85

Download Submit