7982f4824bd9abfe07e1032fd6ee29ae773b117bb6937eac9a55ab6597159e4a

Analysis

max time kernel
145s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 22:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ba954bfdfa3d33f719fcac2f644a2c7_JaffaCakes118.html
Size

188KB
MD5

4ba954bfdfa3d33f719fcac2f644a2c7
SHA1

3c46e70a2d912757d0446c50f80cc7a88bd4a16f
SHA256

7982f4824bd9abfe07e1032fd6ee29ae773b117bb6937eac9a55ab6597159e4a
SHA512

2068768a4d1f500e1275526533b92b545185e65f7f807e0c694b38f6ca190a7e9bd119458a93e46320e17e5f6283d3ae2e0e5127e79b39c0de22c0b91816ab85
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fcDiU6HAcg8LVXbAabB02ALcZGxFpPp:slZVLNib

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1672	msedge.exe
1672	msedge.exe
2660	msedge.exe
2660	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe
1080	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe
2660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 2704	2660	msedge.exe	83
PID 2660 wrote to memory of 2704	2660	msedge.exe	83
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 4400	2660	msedge.exe	85
PID 2660 wrote to memory of 1672	2660	msedge.exe	86
PID 2660 wrote to memory of 1672	2660	msedge.exe	86
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87
PID 2660 wrote to memory of 440	2660	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4ba954bfdfa3d33f719fcac2f644a2c7_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8dac046f8,0x7ff8dac04708,0x7ff8dac04718
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,18192810336827939484,6347346756013177632,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,18192810336827939484,6347346756013177632,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,18192810336827939484,6347346756013177632,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18192810336827939484,6347346756013177632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,18192810336827939484,6347346756013177632,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,18192810336827939484,6347346756013177632,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2800 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4f23718d-5ae5-4dd4-a545-5f5c750af5f4.tmp

Filesize
10KB

MD5
3654a5a992759546cd9e15381d882742

SHA1
4298335b175a2ff4b90514b67831f99decd31446

SHA256
36c57abb7dfcc6919041e3c2ab8e92816bb2a9afc06c49f914ad004ccf74fae2

SHA512
ed37023e273198bb2491d65fd262687ad3ba6647ac629bc077e7d9ad52d1368686c6c730b4b8904532ca02044c3abb0bd9040719a2936868143c6579a410e3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a965376c1636b14f8337cef2923a728a

SHA1
4f7e6b4a82e64a9f779a520c61e92462376b12fc

SHA256
da5200ba68c5927fd29ed1788a742fb8c114eee6ba483fcf3aacc5fc1dfa75de

SHA512
4bee64a6d2e342e20a7b991fbfad218d5448eeb8edaced72480680bfd923531a810553d36be3f4eaf426e9c197cbc124028a4a18a966cecaec2041393c488f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
51b5d30473598e8028772de5d5d8d542

SHA1
91b59fc09ef9c7d89f8e08e2542abcc04b8ad9ea

SHA256
701b9bc820eec32acb41c3d9b28fde73f766ba81673721dca0e8c685b46d5351

SHA512
5341de4eb2ef6cc05ab1030a90e59e9da7426c731a863b1ded909baaafbf36a7ed83006b6b198bd2d7527434963b69c4c9f5f0aa42c85d17ee7ae1761c8ca08d

Download Submit