2c9cd705efb29429314b9e1b6bf6ca4eb4f3ec3b3de3f55c9587e10681bd7404

Analysis

max time kernel
145s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 18:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

46f072782a22c1578d3ef5a81580f131_JaffaCakes118.html
Size

91KB
MD5

46f072782a22c1578d3ef5a81580f131
SHA1

d99c3f2322218e771463fa36f163e54d98d0cf9c
SHA256

2c9cd705efb29429314b9e1b6bf6ca4eb4f3ec3b3de3f55c9587e10681bd7404
SHA512

6b4102cf349c31ce36e496dec729fa8477a42198908971f72d440c6b0bcffaaa8f5991a2e85e179a5376ec45a095f0a7122ba49633ef2669cdd286b028d487cb
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcnjjHAbkTLcMiLcZX2WEip:sseeLUS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
4676	msedge.exe
4676	msedge.exe
804	msedge.exe
804	msedge.exe
804	msedge.exe
804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe
4676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4676 wrote to memory of 4880	4676	msedge.exe	83
PID 4676 wrote to memory of 4880	4676	msedge.exe	83
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1864	4676	msedge.exe	84
PID 4676 wrote to memory of 1096	4676	msedge.exe	85
PID 4676 wrote to memory of 1096	4676	msedge.exe	85
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86
PID 4676 wrote to memory of 400	4676	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\46f072782a22c1578d3ef5a81580f131_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff817a146f8,0x7ff817a14708,0x7ff817a14718
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16291444094997716120,7148682888820265168,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,16291444094997716120,7148682888820265168,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,16291444094997716120,7148682888820265168,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16291444094997716120,7148682888820265168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,16291444094997716120,7148682888820265168,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,16291444094997716120,7148682888820265168,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3056 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
336d446c1408430b8bcb0862efbeb7e8

SHA1
94d6222a04478efed110c7807b3640da304372af

SHA256
15403320540754e571baa9c1427219fa2697e451331b6bd765de7e234529bee6

SHA512
732623ca1c9181633f655c98bf7059c59f72a902962b27e7e0d8d0c892ee408ed47978b2c4d66f5b4b2559efd155fd946b8f4638d087760502867319503fca8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c417537b2de5a403167597f578510ae

SHA1
d6c1e4e0dff9ad222bb37678e0510525391afdc3

SHA256
6c87f378da1760d0fdb95eef996a9d50ca24ac9f96b451b4e47ba8de187131bc

SHA512
890451a43a0ed4fa2446e25d68ce374d1b20a6271ff24cfa2b8026056a65a95fd60b2770bf4376c8c25f1ea47c5ada380e5c1cc09802f249c93cdc777447f2c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2a009bdb936cecd48ac5a26437b61462

SHA1
7bdb0808c8cc8b63317868e97378ee7b1739052c

SHA256
a5c6bc4292bff4d6da6d69d0eb23223bb6a1fc551ffb37cbca2882d1cbad5c54

SHA512
bc9d1561d9cd37cdef39e738ea00782b5980ad9baea04aef06af54fce4bd95d99deccd28761aeaaca8c25269f31308cf171e026a0ed664be95db93e1e2e501e2

Download Submit