f63921cc2aa29e919ba7f24fc54294b296ece3a575ae2a13c20670bfdfdb4d8b

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 19:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4b1806863c3309071a1a09c66d7d6063_JaffaCakes118.html
Size

13KB
MD5

4b1806863c3309071a1a09c66d7d6063
SHA1

207e8a4cf77daf70e58ffbbff5e3f8caec7890d0
SHA256

f63921cc2aa29e919ba7f24fc54294b296ece3a575ae2a13c20670bfdfdb4d8b
SHA512

9063778d5a1404b5748e2257b1bb104893875da85fa058c1d6e45b7f9be2ac6c4bde1a5a6afe87fc276fca258bfff5764617c213103531e11ee15ada2af1a38b
SSDEEP

192:GXVf8AM3r+Or2cCUlG6elWyFgu9kdB76bQ+R2vU:Glfb3Or2pCXeljFgu9k3mbNR2vU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
4836	msedge.exe
4836	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe
4836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 3200	4836	msedge.exe	83
PID 4836 wrote to memory of 3200	4836	msedge.exe	83
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 2548	4836	msedge.exe	85
PID 4836 wrote to memory of 1144	4836	msedge.exe	86
PID 4836 wrote to memory of 1144	4836	msedge.exe	86
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87
PID 4836 wrote to memory of 1940	4836	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4b1806863c3309071a1a09c66d7d6063_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbbaaa46f8,0x7ffbbaaa4708,0x7ffbbaaa4718
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16716160941604172472,6880601586554740695,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2036,16716160941604172472,6880601586554740695,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2036,16716160941604172472,6880601586554740695,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16716160941604172472,6880601586554740695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2036,16716160941604172472,6880601586554740695,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2036,16716160941604172472,6880601586554740695,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1308 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2304

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
131c3ba7b541725372839bee168ad942

SHA1
d84548ce6646517ad0a7b36ada86b6e6dc80999f

SHA256
271b3086f26a4e496539b26ec8fdb63eb38bd869fd1877f1268cf030838dbe63

SHA512
331f14345030934b7396522184a3745e72cc9f123efd2b0e33d12f0130428a734b96f0046204597b8fc16593d39c72debc3b802f313f0a431f737f697a8db505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ea0c79ed5c2a1d5352c20418a633f878

SHA1
cc3bd61ecefb453296110d3095b2d943f2a73815

SHA256
6c34ff6de61e7ab2675b1b2061fe8ec29eec6e87624eb7056d801cd7d395d353

SHA512
7e882a88f18b898c9150efe8d8e1aca6ce4f0ce945a58ad4eed65944fcbe02d97b1475ef8045b3519dc904a1b5e0bb7e7c90583d227ced4bba827453e225cc09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e46e6b559d8fae3d1779a198b9d4637f

SHA1
4c033f8d225f8c384860cc6d1900dceb621ec4d9

SHA256
98a6b628ab465a9e4f85881ac84708947bb266abf6ccd7d1b48fd8ffac555d48

SHA512
c21a185e011094c6ab9f03c215f6693931059b9492468f116d8eb4aba1f274563163ee666b18e9197b59bdb9106b7cb49b2e1c983d048f17555187c763bab600

Download Submit