0874d34315f20d7e7496285c5f1237dd91b2c4f03d5a2a877bdd9ed7eb7aab67

Analysis

max time kernel
145s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20-05-2024 18:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60ac618b27a8e141bd12881ce02a21ea_JaffaCakes118.html
Size

165KB
MD5

60ac618b27a8e141bd12881ce02a21ea
SHA1

133eb97c393024307ab639f28823423613e95274
SHA256

0874d34315f20d7e7496285c5f1237dd91b2c4f03d5a2a877bdd9ed7eb7aab67
SHA512

9a9eed0bf2f614c87eecec98a2121f7140858f2010011ff2f31febf4a585362ea990f8f09762f5de13630f637edc6baa5dcbf395f08c95b4d029b39e253fdd81
SSDEEP

3072:m8SF3VKUP13G4k5QhLpOatVoL63FHKQH+ljcV22wOoS/0Ib+b+FmKgMx3uf9zSho:mpt3G4k5QhL8atVx22wOoS/0Ib+b+FmB

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
1040	msedge.exe
1040	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe
1040	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 4376	1040	msedge.exe	83
PID 1040 wrote to memory of 4376	1040	msedge.exe	83
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 2676	1040	msedge.exe	84
PID 1040 wrote to memory of 3800	1040	msedge.exe	85
PID 1040 wrote to memory of 3800	1040	msedge.exe	85
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86
PID 1040 wrote to memory of 1728	1040	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\60ac618b27a8e141bd12881ce02a21ea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9272c46f8,0x7ff9272c4708,0x7ff9272c4718
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11731201958087079916,3372380409976864746,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4992 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1844

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
ac0a7e78c58a33e344c1108def66d915

SHA1
3b8e88125b6aa8f40c6a04e2fdae7a25ed877b21

SHA256
ca9a2b9e8b165509a078e8178a97301f1d61aafaef10b61f070fc0ef77f4da3b

SHA512
1cc2f060551dc835869372d853ec7ab73f68fef3ca9b4972b6cf553959ae143a4e3fcf011fe38e27e0d7707a83be64375cabdd7131426821ec6709b9940b853b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d52818f356e3c6d03049e79641f35c67

SHA1
174db0a9926a40537cf2c10ba7f5422fb8a0a815

SHA256
6d7be377b499e08574857f19870bb9560da8de4992479a401824c609a957fa9c

SHA512
cd5d30d2ac145c9b0bbbd9091061b70db773615c017d18a259b3af5637c8a6774817617f90a85490b1bb2f71a0eb686ee7ec32bc82ee058a354fdabc98cc0564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6ba0bfdc8b2af807771ac926d7d5ee2

SHA1
8abeb4493851f81b21f4cee4592562e4d20a1982

SHA256
8b8ab30b24716b74bef7e6a2f955ca04b2a01c91279fc7ac207895554adc3587

SHA512
4ce2b95d63f93b8ab721366a5926379ef797548a35e8b257446072fec82791657316add3b06bc61ac5492f853591ef2bd73d8cb6eb8be52c305ad596200f7534

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c9656e6aaa3457f33feb4eb8209e73da

SHA1
a87098f57b270071a4cdf89543d77692df961a30

SHA256
5a28f7a7104f5ad13794fba0bfe0f6a14294149b32b8547b4bb4eb7ed4d65f16

SHA512
37d1eb6c8e4a82d820c1fea5aeba67d3382e36503677e94d0845e3129f4dbd20b42738b2c9bb90eb9b7dd13d29ffd7d25f21085aa125de47ddeef39c625313b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
052f13ed0c5a3acb6b7be67bc1f143a7

SHA1
639df0bda36b3430c568889b22c4bbe4d0d740c9

SHA256
a59731fe5a88c2bfde8e8a8b11729239cb0ad0450708433231d0b1d5eeaea927

SHA512
024639cc81c23b601df81ee5faaf50107c78a401ce7e5cc5d1ebd2dc8ec8488431813da07058d33a86845fcf6880c6a58f7cf395772848931db6a8e4b12372b7

Download Submit