60a2e95d708b43bdfc043a9a3bd737e6c8ef8a3a482dcd248525d868d5ebfa28

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4727b5ec56fdc646d4a94d662581fd7a_JaffaCakes118.html
Size

121KB
MD5

4727b5ec56fdc646d4a94d662581fd7a
SHA1

83e96ac2fa2af9cecf61fa19cf691a275a7f1bea
SHA256

60a2e95d708b43bdfc043a9a3bd737e6c8ef8a3a482dcd248525d868d5ebfa28
SHA512

38bb1a3c9c808dfebcbb3fefc13d5a86db048e3e5108407e6deaebb2d6cd9632e77b8d523d4a02d384e3f2f249d8bc78991c9879786c7fec84aabe04da386b31
SSDEEP

1536:aKIBtMEFrm8slKIzeFjNI2g3tUdvpNxSfX59u:aKIc2rjslKIltU5pj9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
2128	msedge.exe
2128	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe
1472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe
2128	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 4520	2128	msedge.exe	83
PID 2128 wrote to memory of 4520	2128	msedge.exe	83
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 2680	2128	msedge.exe	84
PID 2128 wrote to memory of 4004	2128	msedge.exe	85
PID 2128 wrote to memory of 4004	2128	msedge.exe	85
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86
PID 2128 wrote to memory of 1268	2128	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4727b5ec56fdc646d4a94d662581fd7a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc7ad46f8,0x7ffdc7ad4708,0x7ffdc7ad4718
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4192 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
  2⤵
  PID:1664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3692 /prefetch:1
  2⤵
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,14072319543463557636,1614611301163900781,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1772 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6c86c838cf1dc704d2be375f04e1e6c6

SHA1
ad2911a13a3addc86cc46d4329b2b1621cbe7e35

SHA256
dff0886331bb45ec7711af92ab10be76291fde729dff23ca3270c86fb6e606bb

SHA512
a120248263919c687f09615fed56c7cac825c8c93c104488632cebc1abfa338c39ebdc191e5f0c45ff30f054f08d4c02d12b013de6322490197606ce0c0b4f37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27f3335bf37563e4537db3624ee378da

SHA1
57543abc3d97c2a2b251b446820894f4b0111aeb

SHA256
494425284ba12ee2fb07890e268be7890b258e1b1e5ecfa4a4dbc3411ab93b1a

SHA512
2bef861f9d2d916272f6014110fdee84afced515710c9d69b3c310f6bf41728d1b2d41fee3c86441ff96c08c7d474f9326e992b9164b9a3f13627f7d24d0c485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\768d87db-545e-4744-b71d-10fc959687b7.tmp

Filesize
6KB

MD5
df4a899914e526df78f5f1b8040eb0dd

SHA1
e4f0b97b099925e508f7859db4fd30b2d30a8c12

SHA256
be60a162a5482f1165f4822180e22a7e34706a92d8a4349fd52b66ec189d03c7

SHA512
24d1e90901334befda6ccc6e8160be69f9a44d6c83c77554bef0ead6d79eaa3e5d94feb2b4ab89c6b0d037d6a5a9e782cd75cbbc2476a54b88056b7043cc17c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4077b16e8a01eff872f82cd57c39aa20

SHA1
f60f3937ce5902504fbbeb47e50c849f92399c5d

SHA256
df82c28fbdb00f224e08f5a71cc2aaafe182d5692d0d643cc598fcb78e90d319

SHA512
9a04ca6b7d25e06b6b833dc6b61053a4a902ef6afda0d0022225e66c07dfa56c0da932d4c46f943fe27351973e619e584559d65ef483376bac179baa6f52fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5da542f9591f34d1b1cd0db469325791

SHA1
3cd4f8a92b6f972b5e18f442cfe0b113d2b1fe80

SHA256
cbb1eee2c678b1aedf4ff55555d7709e19435019f482a3b247203cb3409fabbf

SHA512
62211b0fc8e7d5f9c0a778dcef8475e149e5d94aeda61555e0c8ae72c2f399eb9a57715be072613e854b7330a164fa59a9f98d98585c539f6ea96e2c3d04da47

Download Submit