50ffa2e676786214e38b04034284b1dfaf026f9b62049a9b82349d3917cb41d3

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 17:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4aadbb88f2849b3a6115ac87b661b414_JaffaCakes118.html
Size

123KB
MD5

4aadbb88f2849b3a6115ac87b661b414
SHA1

fe02cdf0c247a547fbac6426bc5297bc038b5804
SHA256

50ffa2e676786214e38b04034284b1dfaf026f9b62049a9b82349d3917cb41d3
SHA512

4963726f5f233baf1034e78d586cb277e7c693dc79577194059ba7bbb9aa3cfd0c4bccd11f67a8c34031f7cab90c56c7d115b40e7f3e9c0acadedcbc897fd40f
SSDEEP

768:6xJcOmNeAv48k2AuDMvlT7KNlCvcHhECj9dekHNnDHesUKVubkOUtfk6gFF8gBkJ:6TcnA72AuDMN7KzqcbqkB9SkJfk6GqIm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2932	msedge.exe
2932	msedge.exe
2176	msedge.exe
2176	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe
2320	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe
2176	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 4516	2176	msedge.exe	83
PID 2176 wrote to memory of 4516	2176	msedge.exe	83
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 684	2176	msedge.exe	84
PID 2176 wrote to memory of 2932	2176	msedge.exe	85
PID 2176 wrote to memory of 2932	2176	msedge.exe	85
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86
PID 2176 wrote to memory of 3984	2176	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4aadbb88f2849b3a6115ac87b661b414_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7a2646f8,0x7ffd7a264708,0x7ffd7a264718
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,11819229062155227892,8522506997598356383,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4860 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3736

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
75c9f57baeefeecd6c184627de951c1e

SHA1
52e0468e13cbfc9f15fc62cc27ce14367a996cff

SHA256
648ba270261690bb792f95d017e134d81a612ef4fc76dc41921c9e5b8f46d98f

SHA512
c4570cc4bb4894de3ecc8eee6cd8bfa5809ea401ceef683557fb170175ff4294cc21cdc6834db4e79e5e82d3bf16105894fff83290d26343423324bc486d4a15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
10fa19df148444a77ceec60cabd2ce21

SHA1
685b599c497668166ede4945d8885d204fd8d70f

SHA256
c3b5deb970d0f06a05c8111da90330ffe25da195aafa4e182211669484d1964b

SHA512
3518ce16fef66c59e0bdb772db51aeaa9042c44ca399be61ca3d9979351f93655393236711cf2b1988d5f90a5b9318a7569a8cef3374fc745a8f9aa8323691ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8a9e947c-712d-49a6-8d65-3f8da55b4178.tmp

Filesize
6KB

MD5
603c7aba2342ce0c11315c0ab7f3237e

SHA1
022328289dd95b5d68ce1f6a4ec0b86e0bdf4869

SHA256
029c585a9ec4a99c5a355eb9afd1fb9462413270afe07afc28986a558a871c95

SHA512
04385638f5d546515e08bab4f8b6d5e03514c2d2e52769912af6c25b6653c746684287016430752fa4d086040f06e9690a219c9769d9dfc87945013b0f1cb6bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bc40beb6658bf3b7627b4ee86aa694e

SHA1
ab98c050c9404d1679ec6d82b4a2ecda2370e314

SHA256
87b5d15cf28e20713c867cfd4e34bd48968bd546d9ada93f1ef74b0ee04a4c8d

SHA512
d74451db32418f90e721f7736921e4c329e54df265e9f50148f07db4132cd28fe680b016a09769abb7b4fe45f385b16021025294f7d463b76384e95144cef867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
69c061831032e8456ef1a9b488cc608b

SHA1
1109620252d26c2e53fe685635e278573625931c

SHA256
d2558681c85c0e722888a4ae4d69d865df95fd3703db09f0cb0aa97a0ff2c342

SHA512
92f37bade84760559e1139683b55b79289797183ba039d2a2ac392158644262662d5da9dec2587771237e928ccdf58debef74995830fc21c7cfd83e2be8605b5

Download Submit