ec7b099cc7f990203ad69890bc780e1ea1907882910a2ae3bdf32bf2ae112260

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
21/04/2024, 03:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fe5734151e15f7264cce5c5e6a1a7a04_JaffaCakes118.html
Size

393KB
MD5

fe5734151e15f7264cce5c5e6a1a7a04
SHA1

be1b0268078d721e75554fef6cb2ce94080707f2
SHA256

ec7b099cc7f990203ad69890bc780e1ea1907882910a2ae3bdf32bf2ae112260
SHA512

f669e65bfd42d452bbea9dc969ec01295de411a3a3b073502ddb412299655d276d63ad042db1c2257c44f084fee5151c75d67af54533f31e88ca599c295f90ca
SSDEEP

12288:F5zSS0w7RbgE3Q0g1IPt23rl/ZslohtoG6rel8Bo:/RbgE3Q0g1IPt23rl/ZslohtoG6SCo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
444	msedge.exe
444	msedge.exe
3624	msedge.exe
3624	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe
3284	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe
3624	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 2392	3624	msedge.exe	84
PID 3624 wrote to memory of 2392	3624	msedge.exe	84
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 1512	3624	msedge.exe	85
PID 3624 wrote to memory of 444	3624	msedge.exe	86
PID 3624 wrote to memory of 444	3624	msedge.exe	86
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87
PID 3624 wrote to memory of 3672	3624	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fe5734151e15f7264cce5c5e6a1a7a04_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa917f46f8,0x7ffa917f4708,0x7ffa917f4718
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2240 /prefetch:2
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2856 /prefetch:8
  2⤵
  PID:3672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5583126112433580576,11775820477897273646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4764 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3284

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1416

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1563576cf468fd744c889dcb8cc5dfef

SHA1
521d13bc82b35c174d534ea058edfde2038316cd

SHA256
e935541d0b3d9037243144452c7f3ae843e91bd8077f7a894a679264e033d0db

SHA512
e8826a3c71e6e2defdde7cc201067122c9e7f4c42145ebf57e65c1aa01ca420726552de8b72989d1350082cf61a551ed83c85efe8d30769a0b4a6421bc5c55e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bf4d4a5a03d0b8f530855d589992550c

SHA1
ce8f77dfa28da9f59484416569493f7f08d13d5c

SHA256
4179623794d9f853edc3740c0a9ae2ce2d56d04b09de7c145298af5c439b796a

SHA512
dc96fb9ebbdb7cad8ddae46277602cbaf970644747e450d5060241d68813472bb6fb1feaa2285675b628ec33295e6246a7de68ce271de927ecd0e7bfe5fcb2fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
2e60ff328c6ac20b0aaacb819cf1fb67

SHA1
b6f2600101f51b44b7e0c43dd3da24c1faa00cdc

SHA256
97228cbb3b204f7e8aaaf8ac63ee1faa9aa056d4e924e12ddeeac7cd3231c050

SHA512
74a0e2f0595aa5d1e12a129074bf8d51bf56d3711104c2cb6fd7a446eee18aea2ce5b3dba4689c036358609f99e86307174f1dbd5470731cca2fddb2699a707f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
223b5452904d003ec749cce7d0311dc2

SHA1
cca28a3f6ddf50bc7dc87a9048beb867474fd870

SHA256
39f7de9bb89ac9557c5644d260d9bb46c114e7447bb06b543dfd5d9caaa78f01

SHA512
0257221473e3debd85923bb79a53e2d32378eee5acec97506180ad3634fbadcff4cc597e12a5b00d788ea6584fa5d21ecc422c2016a1fe1d1f3bf9b6f77a9080

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92b489f1571cce0eaa49117090baa187

SHA1
52375004801c20bc9ee6f1cf650fd236041e833a

SHA256
7023497e9e2cce966921278000c48a15ee9fce3fca6e5fb2fd53fd7bcbfc1a8d

SHA512
856f99f92a78ee24ceafd55b97e154518046d1686e271abb0bfadf7a5eef16346856680f445643c3d5418344c0d33236384e84b46821583773dbca1c8a27140d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e62e66ed8fbb6959843d8eb288880678

SHA1
8c3738b7b8a5e50ea7ec1da0ad257df7059cf74b

SHA256
2876afab3aa487d1105ffe24cb365500f96811f1beea63616cfe23f9dc47adcd

SHA512
2902904d083acd1f81d77cb84412b36181ed8a8785e113778777c4cff78aab4740afd504cfa3e60185c230333ffb8cda3c98510f3948475a9858e38cebd5dc33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
56311e099ce1ae1986c467079845fc44

SHA1
22e1e12e4f107e893f0e3b0778b80cb9b76a6915

SHA256
4de8cbabfe20889599fe5d076573d5ec2ad60b18d502d3df500489e0f5fce6ad

SHA512
17afa96faa5192766636e60041ea822b2bc5ce99313c97d4aa35f02d93cb95a7c622a442aa95cc2c6d03af9cdc49b9102db849f561a0829890bdc5c28161bbd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d775b86b69dbbcecba847aaf318f2371

SHA1
822aae137c4c8453e7ffe6e942b118404f55bbd6

SHA256
a61146ba3d1189881ca62652a5029d667c3f375ab9d506187cbcbf157d7bb6d1

SHA512
0195c24ab3e55899d65483d8863cb7a21622de602c523a00be626b153bf96131651aae838563c7811848c2dda6a77bac9440f8a32437017229231875703fda6f

Download Submit