3c52bdf812310190cec125a018673269e83708be08d49abd3897b536aef3dae6

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28-06-2024 14:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a6bebbb4f4c7766b1da6ca32433df40_JaffaCakes118.html
Size

463KB
MD5

1a6bebbb4f4c7766b1da6ca32433df40
SHA1

ea676e005d47caad5d0f49efbf99f450da578201
SHA256

3c52bdf812310190cec125a018673269e83708be08d49abd3897b536aef3dae6
SHA512

39136d8c2c29687915059b37c1b2e54c3c67586f6255e0176fd2d6adb4ed05ca2091677c4ea8b6504d0ab9330168f6d1ac57477d1a2c021e571d27ed82b77bea
SSDEEP

6144:S+GsMYod+X3oI+YO/sMYod+X3oI+Y1sMYod+X3oI+YLsMYod+X3oI+YC:dk5d+X3sD5d+X375d+X315d+X3I

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

880 msedge.exe
880 msedge.exe
720 msedge.exe
720 msedge.exe
4992 msedge.exe
4992 msedge.exe
4992 msedge.exe
4992 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

720 msedge.exe
720 msedge.exe

pid	process
880	msedge.exe
880	msedge.exe
720	msedge.exe
720	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe
720	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 720 wrote to memory of 2524	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2524	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2480	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 880	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 880	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe
PID 720 wrote to memory of 2332	720	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1a6bebbb4f4c7766b1da6ca32433df40_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ac6a46f8,0x7ff9ac6a4708,0x7ff9ac6a4718
2⤵
PID:2524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12558131451532987850,14439721827639914197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
2⤵
PID:2480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,12558131451532987850,14439721827639914197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,12558131451532987850,14439721827639914197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:2332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12558131451532987850,14439721827639914197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:5052

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,12558131451532987850,14439721827639914197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
2⤵
PID:3908

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,12558131451532987850,14439721827639914197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1348

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
477462b6ad8eaaf8d38f5e3a4daf17b0

SHA1
86174e670c44767c08a39cc2a53c09c318326201

SHA256
e6bbd4933b9baa1df4bb633319174de07db176ec215e71c8568d27c5c577184d

SHA512
a0acc2ef7fd0fcf413572eeb94d1e38aa6a682195cc03d6eaaaa0bc9e5f4b2c0033da0b835f4617aebc52069d0a10b52fc31ed53c2fe7943a480b55b7481dd4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b704c9ca0493bd4548ac9c69dc4a4f27

SHA1
a3e5e54e630dabe55ca18a798d9f5681e0620ba7

SHA256
2ebd5229b9dc642afba36a27c7ac12d90196b1c50985c37e94f4c17474e15411

SHA512
69c8116fb542b344a8c55e2658078bd3e0d3564b1e4c889b072dbc99d2b070dacbc4394dedbc22a4968a8cf9448e71f69ec71ded018c1bacc0e195b3b3072d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
acbb7ee74e5f3692aef2fdf9872010ae

SHA1
551f81f9601d5a5625d34e57652b043be2d7bfc8

SHA256
0f0fe86697b0b598f47186e8e5ad03d17f6b50baf46c022bb51928c05605cf2b

SHA512
da34cd6e47446e50bde8d3a719ba32c2261def72f0ffb29a478a87eb76cdb88b2f8d3f0b2eb3ca25797bf8c250be93dbaf6122b68c44af298d3d8053de9ed932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
5f777d4d9d79e2e0163d659313a8f191

SHA1
51021dacd18f3a15858ec03375e9dd587d0dfb5f

SHA256
3b87d4dd3fddb5e7845444d0feaf9dcb2724e446917a63eec9adf8312fc47548

SHA512
906fb0ac500602afc62c78343cea368697f013cd9ea7038c1aba23229d4280851368db0dd17092970b6266972a895dc02237fdc27a99af33980c95b7969117c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
f37ad2fcc31dcb9ce962ebad9d63c621

SHA1
1cc13c53487a08d42cf3bc6697eb6a6e958055c3

SHA256
80235a105cbfd35a29d4f9cd0924192bb7552313d935698f476391ef87e126a6

SHA512
082bf210e73e1d5cce519ef259fc5f668e40c454f42cc571f921ad3642123cc81eeb85de7bd92dcd820f069836be57a034cce026645a3c6a1b36d39b8d696ab7

Download Submit
\??\pipe\LOCAL\crashpad_720_KEFEXBKXOEJRNNWY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit