cb436a9cdbd8f082c8abe30e5a872bab74e349b5e6d9c1ec9266b80623c32dc2

Analysis

max time kernel
145s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08-07-2024 12:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c6e0969b17d205d5f352223700b8ed1_JaffaCakes118.html
Size

165KB
MD5

2c6e0969b17d205d5f352223700b8ed1
SHA1

5180f9ca8ddc3d19510b688d475c46060bf122c4
SHA256

cb436a9cdbd8f082c8abe30e5a872bab74e349b5e6d9c1ec9266b80623c32dc2
SHA512

f2b263199e34b419bf6827d8e64570ed7b16f016e261ca50982267f10f03537efe7c4347c82aa072f0c75fc0b40d414f9613f0c654d87640d1dd444d43fee38e
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcs2f/HA4K9LIg+eXBcZjaiI2p:sypmLBBm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1724	msedge.exe
1724	msedge.exe
4500	msedge.exe
4500	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe
4056	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4500 wrote to memory of 2908	4500	msedge.exe	81
PID 4500 wrote to memory of 2908	4500	msedge.exe	81
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 2332	4500	msedge.exe	82
PID 4500 wrote to memory of 1724	4500	msedge.exe	83
PID 4500 wrote to memory of 1724	4500	msedge.exe	83
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84
PID 4500 wrote to memory of 1244	4500	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2c6e0969b17d205d5f352223700b8ed1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc639746f8,0x7ffc63974708,0x7ffc63974718
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,7036135715589824780,11654215476287429327,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,7036135715589824780,11654215476287429327,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,7036135715589824780,11654215476287429327,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7036135715589824780,11654215476287429327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,7036135715589824780,11654215476287429327,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,7036135715589824780,11654215476287429327,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1fe3a26bd35b84102bb4203f31e74c7

SHA1
45fdfa8433789b575eb64e116718e62e0e0cf4a0

SHA256
26e0d51529de906dd285ba48288e25eaf5213c0f0bab9bc5f119ecbc5e1b93ee

SHA512
d528db2e9b917d4fbe24b1b5c6f4cb274f4f91c84f63e5119e041fa89ae0cd01a370e314f8b6aca9d6fa958e79feabc720f4b54b3d8aed69aab11fa84cad36bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2915233ace3b11bc8898c958f245aa9a

SHA1
68c6aa983da303b825d656ac3284081db682f702

SHA256
b2cb442f2ca27619c8df087f56fcbbb53186c53f8fd131af886ee3712220477e

SHA512
e3f1b70d39b615e212f84d587ee816598236ee6ce144d919593894fcce4a0900343a9e8b837a0d1bd10921fff1c976c84c4a570eda776fe84d374a69e7a54890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fe4b2adcfb816ae716d48733a0397d0d

SHA1
62c90c9588f3c54214227779224d8b3053bcbe9c

SHA256
2706f4f813b1be03bea0ee8d77c03b7d2a9a4a74f75f87c155c21a0eb6b98b0a

SHA512
d5f3a3b903912399e271f1f6c6551f90853b7b753a65bd01c0a68fdfe80d1d53b5bb6b7938a4e8af6961c6dff70f449a23179010726f9ab23571798071863faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b6d404db5431f2caa42541012612c2f1

SHA1
8869305fc2e1e0cf184c50284d5b53b31ff93c6e

SHA256
45f6e2db2bb6d05a9f07be820b247f19f36631262ac4f226c4e8be31ba84edb1

SHA512
dba6078b83ea3c856d8b82f557a95e4f5c99dbe1e46759a7ed1a46bc808de80885c78d45af2229dbb65e6d0bd9436beb060136a8dc47523c1802990c1ce42c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f77941c1094bd1e2da4b58de03ba757

SHA1
d228b655b3445aac1caa50d9bd2ffe543fde7c1b

SHA256
fcc148e33aec624a120412786f46d122a6a5ff96a0d9be46c19581f11ae09e32

SHA512
96eae1e0c87684a302b3cda1e9db975a6f5f19776c944fa910bb53e1c9e8bc6ff403a9878b73a0ee2e0a1b9376e29fa4306f81cdd5a1b7c3c95ab90194d81905

Download Submit