6f1e43a3f63f893abd0df0cf91e4de9224ef529d62a2eaf4cedbab33bda98ee7

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ec33b5d9b6000610f66b1620827858ac_JaffaCakes118.html
Size

30KB
MD5

ec33b5d9b6000610f66b1620827858ac
SHA1

d46c862eb6fb9b8f5fb99f3563d43042d5e61a3d
SHA256

6f1e43a3f63f893abd0df0cf91e4de9224ef529d62a2eaf4cedbab33bda98ee7
SHA512

6549dfdfa4fa2fe61cef068f79b7ebaa8f0a14e50d180d97588506ff8a965c4f7edfc2df50c747dc1617f8a7281c46fba76035e3ff44b917fd705ac8782dc207
SSDEEP

768:SpRkzcPJ/6+/lHNNJBOAZ8y5rwI5cgg+GV4bIE2VgRbIO3IflcaPB4r:SPkzcPJ/6+/ltNJZ8y5rwI5cgg+GV4bP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3616	msedge.exe
3616	msedge.exe
2776	msedge.exe
2776	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe
3248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe
2776	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 3116	2776	msedge.exe	84
PID 2776 wrote to memory of 3116	2776	msedge.exe	84
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 1876	2776	msedge.exe	85
PID 2776 wrote to memory of 3616	2776	msedge.exe	86
PID 2776 wrote to memory of 3616	2776	msedge.exe	86
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87
PID 2776 wrote to memory of 4420	2776	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\ec33b5d9b6000610f66b1620827858ac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8489e46f8,0x7ff8489e4708,0x7ff8489e4718
  2⤵
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,13260943415715960091,18400509349352903654,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1384 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7c6136bc98a5aedca2ea3004e9fbe67d

SHA1
74318d997f4c9c351eef86d040bc9b085ce1ad4f

SHA256
50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

SHA512
2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c6aef82e50d05ffc0cf52a6c6d69c91

SHA1
c203efe5b45b0630fee7bd364fe7d63b769e2351

SHA256
d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

SHA512
77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
186B

MD5
3d4a9764d19b61b0694820519487d772

SHA1
9176064da48c2d5aff4c7fb892c4f15eef409102

SHA256
58b9962d70c23bb38b8f849df7315de0ab684adc29d41623605b49ada2215f41

SHA512
f4153cd95016a1538ae1e6ef259c2b0be0bf296626578a9bbcba862e354df2ea7660724d32c89229bd0b8efc26f4e29b43680d262eb620bb6358922d924c1abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a2b9f1c5c14bd1921aabeda62fcc838

SHA1
06d11707ec7ac7174213c3a10d3cb9a6a274b36a

SHA256
bdc865100e6858c0317c4df748402ea0adeef8a7fe16d53dfca78203b895d815

SHA512
51c71486ac008419f453def8e9b39780a767e39ff9d7b76216db0b2c3883e05010f5abdabd7562c0e07dce7039fcab1d86856af192da1f216d8408a2612bdff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9db9a119e5e7bb9d1d595e9c47cbe661

SHA1
dd0c0b74134f1f86185da61175a5457600b2fe10

SHA256
a88fcf769698cc1c5bfc53b8bac21502dce19f8759a3dfb681de2431e6995b9d

SHA512
46169ea63574bc1b9a414da28a87cd69107889d0d80e3cda3c7f0cab51131fcb266d303d95b8703926318e79950dbd3a22c869b88cb412a6d28c0b2ebfb90adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
165df2466f56ae338c5816df9570afec

SHA1
ceb848fa75caba54788c9e6ad8a148160cb17969

SHA256
e78a9efaa832a672af107d17c6814c2bc6c94c256babc984df52a3585010f623

SHA512
4f77608fd5eedccfff02ac38c89b9284a68a66241dd110de1a5f7cef33fa608d04c577e40fec8a9a665d66fbd793a2827c92f27f1dfd8527a16b25e29eff52cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
679dc27b7d2acb82739f5e7fb0d5cab9

SHA1
99df6d2d1d9afa808ce840d9b733ce1f4a7b7199

SHA256
3d710ada93b74d0900f436e91b813d2960875d930edb9c7461dc0d5096178221

SHA512
8e915a1f81bcbec04571ac6f8ff65cd809702ecfb71370fa0672fcb792b6bffc591df486be3790ad82ce26a62d4c062fe633d38ff83166b1764398aab7db3ce2

Download Submit