61a1f3d780218f3895221a9f1a0af3126cdc7eb7b5cb740c3c6d203c252bc385

Analysis

max time kernel
145s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 20:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b54a54bda895c2350a7ca927102cd1e_JaffaCakes118.html
Size

167KB
MD5

4b54a54bda895c2350a7ca927102cd1e
SHA1

a30311d41f53f3a8be967eb2e6b19e1d030bd895
SHA256

61a1f3d780218f3895221a9f1a0af3126cdc7eb7b5cb740c3c6d203c252bc385
SHA512

c5da03a1631f0ad4e5fbd6b0636ec7f2b2e119d6bc483acd195399bbc01c6bf89178dd4983adb104bfa863e51d8bf6c3ea5c5ccad444a93b6de79b424ba820b9
SSDEEP

1536:pbMjw2fMk1D3O9Pj2fc1W6HHAdaXLZfbc4cZmhhJvp:sMsYLi4j

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4748	msedge.exe
4748	msedge.exe
4256	msedge.exe
4256	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe
2424	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe
4256	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4256 wrote to memory of 1680	4256	msedge.exe	83
PID 4256 wrote to memory of 1680	4256	msedge.exe	83
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 932	4256	msedge.exe	85
PID 4256 wrote to memory of 4748	4256	msedge.exe	86
PID 4256 wrote to memory of 4748	4256	msedge.exe	86
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87
PID 4256 wrote to memory of 2660	4256	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4b54a54bda895c2350a7ca927102cd1e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffce39546f8,0x7ffce3954708,0x7ffce3954718
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16019951595901751795,10996450626136592144,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  PID:932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,16019951595901751795,10996450626136592144,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,16019951595901751795,10996450626136592144,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16019951595901751795,10996450626136592144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,16019951595901751795,10996450626136592144,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,16019951595901751795,10996450626136592144,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c00b0d6e0f836dfa596c6df9d3b2f8f2

SHA1
69ad27d9b4502630728f98917f67307e9dd12a30

SHA256
578481cd359c669455e24983b13723c25584f58925b47283cb580019ef3142b1

SHA512
0e098ab5f5772fec17880e228a0dccbbaa06dc1af14e0fd827f361599c61899fe07d612a7f7b049ff6661d27fdc495566dd20fc28ceed022b87c212bf00be5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54f1b76300ce15e44e5cc1a3947f5ca9

SHA1
c978bfaa6ec6dae05464c6426eaa6cb3c3e2f3b7

SHA256
43dec5d87b7ee892a3d99cb61f772ba403882ac0772423f36034e84244c1ca24

SHA512
ac26e5676c675be329eb62b5d5a36a0e6014ab8a6366684b0fc2a59ae5f061f596f462b82eb4e9f135d2235a0cbd4af96680d234eecc873a8397fd81507d277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4d195332be9ef18a7000a69be0ce71d8

SHA1
2507fe070ec257f41f15088e8eb0f82bddda7ec8

SHA256
0e210bad670fb345d4ba076f98d4c14746945a7513cacde0ee456ed85588a03b

SHA512
b8478c138477de2feeaf07b8804c57f6dfc7fd80120ba38564b8d3600b255eec83a9d68fb0bc618b06c4bff334391df80e74bf5c89c0841aaef710e932eb25fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a99c22643ab11ad22a8fe4102bc9f7a

SHA1
b344e1f2d84f7b875993f1fa3682fa5829da2d1d

SHA256
094cfaa347e7f26b3a5dc3858494a52729595095943f529f0b64d3c83f610097

SHA512
a1f860f86cf8af05fa563287618a697777737f4ba2e0e49e47233691fde1a547cb5bf9a607a1fa15347367494347795b4a20291a2dc99ec272e884e21ecdec2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
55cb23e16d687439596ec9970ba10541

SHA1
77b90ad8a39244ab902fad497f15446bae76b783

SHA256
226a80707081cc49fad8b2c7c6f59638a59b6c645d4d83129d9ca1042cb0ba9f

SHA512
f0e0b04af442908961e3c6a6ebed4428593728fff625872de230f657779d02a1afded2e9d1e003542dcc4692b671a75251d4cf4d7159286d97c77411a3a6beec

Download Submit