8b2dad2a1e53db42e9f237f21c36d9d9a552dc8d9bd340f1a8fbf43bfd63975d

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
06/07/2024, 17:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

290fa483e602f250f36cf9a2f7fdddc3_JaffaCakes118.html
Size

108KB
MD5

290fa483e602f250f36cf9a2f7fdddc3
SHA1

cebb92b6be35d040a0bf44987a4fefcc0a3eee39
SHA256

8b2dad2a1e53db42e9f237f21c36d9d9a552dc8d9bd340f1a8fbf43bfd63975d
SHA512

05a09ac2b65da9a1f5f8080f0419fa82dc7a9e73149514ddcdd3e3aa6a5edd31b7ea8acfebeaa414ecc105e7176eec0db82e220d3ebf8820b67bcb63620ca5df
SSDEEP

3072:nk22sYJ6rHfgaToXdYK9GQT73ay34skxE6aGXo7Y4pU9utxO:nvoaToAdb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
1004	msedge.exe
1004	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe
4584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe
1004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1004 wrote to memory of 352	1004	msedge.exe	82
PID 1004 wrote to memory of 352	1004	msedge.exe	82
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 4656	1004	msedge.exe	84
PID 1004 wrote to memory of 3120	1004	msedge.exe	85
PID 1004 wrote to memory of 3120	1004	msedge.exe	85
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86
PID 1004 wrote to memory of 2176	1004	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\290fa483e602f250f36cf9a2f7fdddc3_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0xe4,0x7ffe743d46f8,0x7ffe743d4708,0x7ffe743d4718
  2⤵
  PID:352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4246326104039900272,10958844893170975572,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4246326104039900272,10958844893170975572,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2420 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4246326104039900272,10958844893170975572,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4246326104039900272,10958844893170975572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4246326104039900272,10958844893170975572,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4246326104039900272,10958844893170975572,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4996 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4768b80c-f0f0-4dc9-8edb-e68a8e5e8794.tmp

Filesize
6KB

MD5
dcff76adacc5f72cfecd98a8f62c1561

SHA1
3732647b922a758cb123f308d2d16b478cecc0ba

SHA256
7822c27732a1a435c0bdd2fe88e8e1058d8270e4df00059e7ee21bfaa29d9715

SHA512
6ef4d9f002ca51fd4ae9d31b54f54782e4f5b40d2bb5095d77a1c0e18a9bf1dafbdda7912ddda3d7034e65717d2adc62cfe8f8e1f46c97157ea64887e63e4b76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
502B

MD5
0afe1d8d0de7df10fb188d7ded85dbb5

SHA1
fff1fbf65616a11c31ef377ca33161c65cfabdf4

SHA256
9fc543e1b64d90c62bb183be3800ec0d3b15231be14f2252bfa9527bc6b9b066

SHA512
74c108f0282965f07d7a8181a407703f6e6ef9b3bfa9e3f4a05cbda1223461ccc57a5905df9af52e649e99a6c301ac75427a69d7516753024283371637b982a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
27a7102d7083a3094f565d4964907978

SHA1
4f1d383c57bd4ad967bbc60ac3aa3f51a47d5d70

SHA256
f30c8831536fcb1e89b02765d71569be4f0c186a4774273db0d8a7e4df1e284e

SHA512
1ebe028c47e7689185a9fbda23b8ff1edf36cbb74721090986bb6848d661dc6e435a5f61fe9cf370534821c1b0b5e94bb9cbd651596af43fe87ba45994519126

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\f6b4a953-d889-4b1e-8e23-2eb57bb00dbc.tmp

Filesize
11KB

MD5
4c3f368232c7231841aa945903c76db9

SHA1
427c4ed84b56ac0972bf21e54b11b6f454364b0c

SHA256
b0420a915f2a10488ea9ab234c234bfbfcc5fb752ac2491fef10d7a5c9ba6a3b

SHA512
113b672dff30ade9de43b42e1fd1a44565256dcec4a958ba94446618e9c0fe43617d65b00b0b1e9784fbe654feb95c7a09e40a83a68c28991c0861e9d4853489

Download Submit