e63b4860fab83dc79f92be087ce0204b75faf7d45882d181d8149da6ff0dd496

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 16:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fec1b6b5656df03cf7a0717f6d71ce9_JaffaCakes118.html
Size

426KB
MD5

2fec1b6b5656df03cf7a0717f6d71ce9
SHA1

62c9ea1955de1844dfc1c47eae1b86f867abc3d3
SHA256

e63b4860fab83dc79f92be087ce0204b75faf7d45882d181d8149da6ff0dd496
SHA512

22967888386902f2d746daabf1c6632ba2b2f51356d4034a58bddde322feec0f4c4727c01cf2633f85a6904659ee5232473b7fa3561c1dc6add8679900046f25
SSDEEP

3072:W5Gtrh3f9N7w4xqo6T7SU+4wc/U0Hr6UExlglURhM7p/B3p88xV/yAB2xp:WMh3f9N7w4xqo6PSU+KHr6UEgppzqF

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3332	msedge.exe
3332	msedge.exe
1676	msedge.exe
1676	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe
4764	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe
1676	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1676 wrote to memory of 4940	1676	msedge.exe	82
PID 1676 wrote to memory of 4940	1676	msedge.exe	82
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 1292	1676	msedge.exe	84
PID 1676 wrote to memory of 3332	1676	msedge.exe	85
PID 1676 wrote to memory of 3332	1676	msedge.exe	85
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86
PID 1676 wrote to memory of 1964	1676	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fec1b6b5656df03cf7a0717f6d71ce9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdbd5146f8,0x7ffdbd514708,0x7ffdbd514718
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8398758056832022995,1964343425769589853,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
0ac4e7c3ee87cc83e485a532913c105b

SHA1
e0b86fa9648971a40708c61a01b4261c4a400667

SHA256
69b3a9ec83e7ca082d377422ca34f5082773c3c373ae940e0cff59d3b9eb3dad

SHA512
0b8bf7e6746338f68a538aefa068887350d12fc09cdb4afe32367e377b89d7e6f5c8bf16cd571d69a7478bad3a8462e2306655ce0ddc98280cd8a4d4bcd7547b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fd3280991a7fa944d321958865131735

SHA1
5778c28e57098136266e3b0de8a769f1f0aaaf1b

SHA256
44203c3b901fa624b450ea8bfeed897f759b69d3ff830b90e55c0c88f30cc344

SHA512
f66748583d5b1ee94fc493fdb32d347f59562591a6c15f084139197331e06b584c1a6617252acaa7da752645690a85b4386cf97671dea6f7617b7c2c456b66f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0924c3414bb09b05f7fb92fafc42378c

SHA1
9e5e1a6c3f11721b3d2043ad7e66efbce37c1d4c

SHA256
40e1eb712181af2bc42b2d03c89b983eb3dd020e72e28b5b3e8ace09fd056397

SHA512
4b36d6fd1117e815362ef982b39dcccb13dd27f1d97ecf178e235d782a88d92e469f154dad3e0bea7e1fedcd55ce15c8846b820c8f0543c40697f49fd8ade84c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
47c964e177abeab22704e702f9308258

SHA1
28f3bcd4af1460dc73433d00877649439ad57bc6

SHA256
91180c69a420c5c1a81c0dfc5afa8245aefd002798e795e5b203d6a346e4b2a3

SHA512
2ac0f48dc1d75f6b2f910c05eb6a28ee58426e9c74fb61331ce84e8fdd2f6b597759b8b4d20b920e412c740e075d3070c66ca92c81569ee6d3d281efab71b5c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580cec.TMP

Filesize
203B

MD5
7590db69cf80c0851b9df1e2a8f8ba1a

SHA1
589908e59a53e1b357dd333ba71cb508a04655c3

SHA256
700d7f57962b9f384569887b026ba5dc87a6e0ba21b8a21b9896eba1908eb512

SHA512
9ce97de99ac281585cc4af8f097630eddf269e328685af4509b6d295c2a0bb2e99d997b4cb178eeac2b67cd04aec5cffde582521241ee4c130d06938ca2c1f5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b900ce5bae27f348bb858cbfb1f70d8

SHA1
b15057e75369ab8e2fb34e6658adbf1df8636f72

SHA256
a9be5f69085d3b622a67aca064b11c427214d8651f0fc653fab2c2bda0fdbef5

SHA512
0f11f13f6c08e7bac5aa8babe94a84d00b0742bcabb56387934537983cc3b36599218637aab6b25cbf4c6b689f558511b9ac504eec2a51e767a8ab558031fc44

Download Submit