a0beb4176493fb9bc81f8b2804dac611f0dcb8fbb8e5fc8261400619a6497f08

Analysis

max time kernel
141s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 10:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

298ef9dd4a138ba3b996d2a773d623a0_JaffaCakes118.html
Size

29KB
MD5

298ef9dd4a138ba3b996d2a773d623a0
SHA1

4713fc3a1d25ff47022775e387c64ccc047e2d31
SHA256

a0beb4176493fb9bc81f8b2804dac611f0dcb8fbb8e5fc8261400619a6497f08
SHA512

4dbaab5491a8ff3e0e53096bab6b3a83239c6120f1ff08571e7194ed9c2edcee71416b5ef338539f6be5df2c4bbae2ea79e7a2e0dde6a849044e7a0917dd2ca1
SSDEEP

768:SDCwHh9v1tn/Kxv3KYib4xEbHR7HsCQHxHGHE/vUJ0QMct2dPIIbY1:S+wHh9v//YNibYEbx7MrRcEXUJ0QMctL

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{B17A1710-41B0-4E25-8220-6881029EB2E5}	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 4668	1012	msedge.exe	108
PID 1012 wrote to memory of 4668	1012	msedge.exe	108
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 1544	1012	msedge.exe	109
PID 1012 wrote to memory of 4404	1012	msedge.exe	110
PID 1012 wrote to memory of 4404	1012	msedge.exe	110
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111
PID 1012 wrote to memory of 2608	1012	msedge.exe	111

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\298ef9dd4a138ba3b996d2a773d623a0_JaffaCakes118.html
1⤵
PID:844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4892 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:2388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4608 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:4672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5720 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=3920 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5532 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:1
1⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=6092 --field-trial-handle=2356,i,13261194862334667799,7441241219475888176,262144 --variations-seed-version /prefetch:8
1⤵
PID:4596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x248,0x7fff9f0a2e98,0x7fff9f0a2ea4,0x7fff9f0a2eb0
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2376 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2408 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2528 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4392 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4392 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4604 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=560 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4600 --field-trial-handle=2380,i,3151913909099266534,5782812581742414951,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
244d927f0b9868489e5d18bd46c3268b

SHA1
db0e9cfd42336d7ed07848c5e2950b94095b86a2

SHA256
622c1b0e5ae50c36ee6fe6feeabac4b7d34441794b4f590c55256c21ad4dfb82

SHA512
d6303364a02d3d3f2b2f1b6b2955bbef23ab03fdd868c8e1fed2e845fb6b99e1b6af8a75c8d657d4730642948bf15794db34605f411bba29e3792bcee66ffe59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
9769e913b997bafecc79509d68a445b9

SHA1
9595aa34e008a56e85ff888a8b8095801c3da8a0

SHA256
d7e39e9c8e6cb31101e771d119df8e9701d148516025c1b3116340c6180e4fa4

SHA512
ebe2f5385eebc010c1614ecf30b58b8dd96865da54001623b952d81f05eb723475e79ba52524f53f8f849bf1b7c9aa0f9f3fbe8fc1cfbe1166a80dce931c4516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d7160214-5f42-4a22-95c1-c278dd7997d6.tmp

Filesize
11KB

MD5
2c6ba90deac44dfaedda62e1e50bf79a

SHA1
cd34b7c064e4a147ec14853b0f6e1cfba8e7f466

SHA256
a8efa4dfd0e13df1ac3fb9765ee21b5aeb012afc4c03cfa1a32cdcae3ea66d34

SHA512
6d92ae8061166312c228df0f508ef05eb9250929ccf6fcfc48c0412af4e1b96faec107d51d35e520f311cc1581e3763a29b305e2a5b50dfc69f640704a7dfc78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
58KB

MD5
a52689c0fdc3099a641cc4ba8207803f

SHA1
01008450fd64b9dd5779d21e9ac3bcf2763e8a04

SHA256
dc94595d682d8b1a52cb3ddba7e90875f32692d7e9d6510397040007cd8fe30b

SHA512
8f41d567e2701e5001b75255282aaaa7eb89b52918e1e3dc285bb68f8d82670f745f0ce27bd0c5468f13c35a0891312920515099df75746067834e03f5fd8edb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e32bdd76-4770-4b3d-aa2d-23ca0187e106.tmp

Filesize
67KB

MD5
e876a5a064d73d155bf2c04c394e9060

SHA1
1ff92da1e8ec1a57778fe7d7d5ce289ab0682f85

SHA256
0201ed250f971b520c16af2392be7c05e50d94ff7aa44130783ef2de3a7bfc8d

SHA512
0bda240c56b86fd6dcca0e4172727208d9ff0ebae73f6b168ad7fc3bf3e9ac091b0803d49681ad3e47acfb03e65855ebfcbde67523d2abee497c8d2bdca251e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
127538c7aad9ccbbde815e5b50db913a

SHA1
df19a013e7bcacbf2eb50e2db11a37e58eff251f

SHA256
c14baae67a1b3dd929f6a639f4cf3202d43661290b9765679f4da5cbcf3a648a

SHA512
eb2edb9b02ac25abd1d78ceedd7164c90800cf154d60c6b6319396e2f321eac13bcb47cb4b1909cc798fbb22f3776a7bfea5473205868d7b3734509abc9cafb0

Download Submit