79c8701972f7c01db891db8cf0948a677a4ac8d00079a0c84e66cd9cfe714e0c

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 15:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

258ca24b7a83dea11ffbf076ba735a31_JaffaCakes118.html
Size

186KB
MD5

258ca24b7a83dea11ffbf076ba735a31
SHA1

79b78754566db35d4763cf77cc0e342522082a01
SHA256

79c8701972f7c01db891db8cf0948a677a4ac8d00079a0c84e66cd9cfe714e0c
SHA512

c10956f142d6dd313b87bf518e06d2a6febbfa44dde921d6d4ff5cc46331dc9487de8cd25cabff54607f221f582bf9ef3497dd0a59d9a8e0126dbd957061b7cc
SSDEEP

3072:uF5m33VKUP13G4k5QhLpOatVxCbZ6SeLQ48orEW0eMWz9iHeozlljcV22wOoS/00:aY33G4k5QhL8atVAUii22wOoS/0Ib+bS

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3132	msedge.exe
3132	msedge.exe
400	msedge.exe
400	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe
3068	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe
400	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 3664	400	msedge.exe	79
PID 400 wrote to memory of 3664	400	msedge.exe	79
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 2228	400	msedge.exe	80
PID 400 wrote to memory of 3132	400	msedge.exe	81
PID 400 wrote to memory of 3132	400	msedge.exe	81
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82
PID 400 wrote to memory of 4488	400	msedge.exe	82

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\258ca24b7a83dea11ffbf076ba735a31_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc767346f8,0x7ffc76734708,0x7ffc76734718
  2⤵
  PID:3664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,13971914565866601243,11438803698205975522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1680

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
3c7b7655de6c34e3069b3d100f09bb39

SHA1
947d6b91c5c4dad9497d8528f3beff3dc7102836

SHA256
cc816bf55b60476ea347810def550fa6bfbf6ff21e0c56765210bace77465a18

SHA512
4dc2cdba5559897f9ebd07d4fd113d95cb1f3761dd9c61e9e79afcea87534f6569394bc576f652b2dfb79fda4d1a039bb00d460a1e09172388ca149b7fb99844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1018B

MD5
0801a33932b4705d0a23c38877b9a519

SHA1
e5af327dd0358e2a4ec314a62a1e3e9aaed606ac

SHA256
30dd0c29204bd50bf85697e90c3b42330a480f029eb95aded41ddaaac6ca4c3e

SHA512
8d6bde4b19e77fdb05c35a0fbb793d3c8d9186eef498f1729c5813406bf842eb5ca0c66319fa259892420a4d06c0abfcf41c4f481bd8124eeb2b25d5035f38bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
09ee9ab91b43022932713948e4606b1e

SHA1
a533b7b6b549e385dfa278dc8d868c3ec08ee634

SHA256
b1944eed826f663f8c2ce270e9f8be4a286e3981490d47316f1313ed14c1686f

SHA512
786c5c2abe1b877d2fae449b9be46f18c82aa7037b55d5b8f42e5dc74b10eb9dbd77dd0b5e887ceb19052cadb7caadef3083a933a9fbb71af580d5c8eed9e6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
00fe734ff0bb9ed43f5d159659a83b63

SHA1
6358cd32444d7d1f2b109003f778f069448c704a

SHA256
1d325787652901abbd3f8e7b237c4a7df2eb758d321fa713f903179d291bfa0f

SHA512
23cb4d2332fe9572e4d6b5869c609d0825e324ba0fa5889af09f83c2179567274998a23453d9edde323a43611ce93126f801b78af681550545a5ccc9e52a6f19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
16992faffdbb5448e51acc83ac458f40

SHA1
d20783df761fc092fca5091008b4132505d57597

SHA256
64893e2aaace190de80be1a48d6d9d2d88eb0489d58efbf410d2479fff511be5

SHA512
9171f7f6ed74e721c983d1624a60e0936eb2d48ed733c70dc5ebc70f1e82a47edfc97070c73c556164aad32438e87c301858ce5866953e73cf9ab9730a62b6c9

Download Submit