c8421cc384a059c47206fcadba62aa4319a2a66d57319792c35f6ca7e148b5cf

Analysis

max time kernel
145s
max time network
130s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b8dc43054065b5b805701f542029df2_JaffaCakes118.html
Size

115KB
MD5

4b8dc43054065b5b805701f542029df2
SHA1

c4b53dfe49ff8c3082a4b406ec958960778b0c61
SHA256

c8421cc384a059c47206fcadba62aa4319a2a66d57319792c35f6ca7e148b5cf
SHA512

be70572ff88c4060489aea75d75d712fba2b3b34754304007b88f680261e18e7a7020e981f006b96226d2821cf4cb1471553f0291547cce4f836c4c4c99d8aab
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcgExHAScoL1r/pcZq9N1rp:s+f5L3P

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4864	msedge.exe
4864	msedge.exe
3056	msedge.exe
3056	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe
3456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe
3056	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1544	3056	msedge.exe	83
PID 3056 wrote to memory of 1544	3056	msedge.exe	83
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4364	3056	msedge.exe	84
PID 3056 wrote to memory of 4864	3056	msedge.exe	85
PID 3056 wrote to memory of 4864	3056	msedge.exe	85
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86
PID 3056 wrote to memory of 4608	3056	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4b8dc43054065b5b805701f542029df2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8779546f8,0x7ff877954708,0x7ff877954718
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2324363697876556031,13278525344423175544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,2324363697876556031,13278525344423175544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,2324363697876556031,13278525344423175544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2324363697876556031,13278525344423175544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,2324363697876556031,13278525344423175544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,2324363697876556031,13278525344423175544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8d2b69b43c15a8d0acf58dc35d2d93b6

SHA1
43b0b87eef50c5913a50b1b1293fbb67b70c02aa

SHA256
efc2ac5c8420db43ccc201d3d23c5ffc343d3ece75f02a7ffc93532ce5c90ee2

SHA512
3c25a53694070615f0d900d1c8b5fbc477e165c44172fb7ccb58d0b380147de2e05ed0f82baa4256c445691cdd383129d891ed872a0114cf74add6f03dd44536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22c94cd0796790e0b3e48a5a8da6fe6f

SHA1
353c5ba86b492786d13b6ea440b968202b6249f0

SHA256
47b09c33745538b06a62a2da7ae444e470519e3623933c65733cfe82da948f2c

SHA512
bb60014d5e4241969e295fd3e45778baf22aeb42d8ef1cc0baa4f73035a9a5cc447650cd31720eb21ee264dc9de0f1d2079d9b6e828c142f0f43aaca787979ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
866b11cd93a4bdb8dab8316dc182be0a

SHA1
465531d3eeef622666c32380f7d2ad62bb0de384

SHA256
c5fccf1c1a66963e3e0d63989fe16575d1d016adbf3407da422a6a0efe684dc3

SHA512
5a7361b1ce7594e8a6ea91e06efc559957588495ff26871a9c357ba40de14af876ffe1ebf94bd89ab1fda25923998cb2d6455f2538651a533940b706338457fc

Download Submit