6c49bcef3903d5056d73c65e373067d4e4c3e78a1858f2bcce6c3cadadc8a7f0

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

690bc6dcf8a39425b9aed3e837c301d2_JaffaCakes118.html
Size

111KB
MD5

690bc6dcf8a39425b9aed3e837c301d2
SHA1

67a1db3e7bf2febffbb7453009124b4933f743d5
SHA256

6c49bcef3903d5056d73c65e373067d4e4c3e78a1858f2bcce6c3cadadc8a7f0
SHA512

077306ba33c0e85ffacdb983f6327f231c6295982696bb574927ff5bb29c358c67697458a19583a05534387824cd4f8c7e5beb7e3bf7e936db18c3d9f9c34e18
SSDEEP

3072:7LF6PHuzz/omnIN+NbVXpza2hWimbuWPXKhn:kPHCXVbp

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

5032 msedge.exe
5032 msedge.exe
4260 msedge.exe
4260 msedge.exe
2480 msedge.exe
2480 msedge.exe
2480 msedge.exe
2480 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

msedge.exe

pid process

4260 msedge.exe
4260 msedge.exe
4260 msedge.exe

pid	process
5032	msedge.exe
5032	msedge.exe
4260	msedge.exe
4260	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe
2480	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe
4260	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4260 wrote to memory of 632	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 632	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1020	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 5032	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 5032	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe
PID 4260 wrote to memory of 1792	4260	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\690bc6dcf8a39425b9aed3e837c301d2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb611046f8,0x7ffb61104708,0x7ffb61104718
2⤵
PID:632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
2⤵
PID:1020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2540 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
2⤵
PID:1792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
2⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
2⤵
PID:312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
2⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10384120142219553335,6928101439695037769,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4952 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2480

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2496

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4520

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9c35c347-1ce8-41ff-9a83-636c0c8263fd.tmp
Filesize
6KB

MD5
0ab4e2aff6d8131d97f5e1777b93f056

SHA1
5331a4ea02948337342a5a9f15bcb5721870917d

SHA256
d014f1b586b6b623961f76b8c5934a9d210508af2112fe2e9a5e831047fd2601

SHA512
4fccebeeb24dbcbfdaeed7ca17aff2bf367231eb52f027587e323e22fdca08639d4e8d51ec64c838ccb10209e041be24bbf965df0e11f32e57c42d70bd15d2a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
96B

MD5
7b55416512277c61fd8c5ea88a7e0b57

SHA1
5c06da582e298c1ab6af71ef591a4f9d76328fe3

SHA256
cf35c276748b11a0fd216c8032d913da5455a014acca88389b2d657ce6a736bc

SHA512
f13f12fa65464b49a3d0d58ecad7c32fada1997ba13e0f50e10836e8c8f94dc5c64a723e6b36a7f7448d20cf017b8636612eca886bff4ada87416b5efc580966

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
0f9aa7a65cdbace920722206874f0cf9

SHA1
837cf225e576e830ae8a8b3551837e9810181485

SHA256
2d1bcc4ec39ae29e060a095ba3609c1dab615b136da448b27342b5f63f02b148

SHA512
d7d51c7bb613edbaa10b72c77d66e907ddfda62fd9674cc4db8cd14e880d3ff44da75e47ea3c9f5b06099501fcef3933d2380a0344815452f0b8e5cffd523749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
24fbbe42e2ec1fcfddbd73620d3496b7

SHA1
6348bbcc330ef28e63376954084b937c128a1329

SHA256
a16da6852e6216fdcfe626171dd831cd861ceaa2503ff3199cbb84f75a59c0f5

SHA512
8b2d5279e18de96485ae5b410844a5af44eccae92e97ee66e642e0a8f0007d892a3bfb7f7dbf5893ede6957a5dc8db5a72bba96011539d6a65b16f53ebb7491e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
927717f0b87acd6bec892f5597d85eff

SHA1
a6b0405b6ea58dfc0902eaf9ea169541683a70de

SHA256
616be106536dc96ac6e1341420cc602048a8b09ab3326837099aa3b6ba13afae

SHA512
2a9ba4a998103f688e01293e084257f82767a576efd7ae383caf7ce94ade126dc68e10322ea714945b8c5d64fa7c870988530aeb7a0810d1f013f023b57490ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
0713f086d69522ded72f994db712ae2a

SHA1
1b7da29899e07619144c441a6698806d3aa40860

SHA256
f9558ab714994c11b8f720080f4f54f767b290cd11b20fd00d445be4dd931a9f

SHA512
0799ad10521e1393d66200ac7d0007e4e7dfeb71a2d51db201d856611f85ae279047e923de8be6d65aa2e876ef28dded7b0c2a4827f4cbe82469c5662b5361cc

Download Submit
\??\pipe\LOCAL\crashpad_4260_PESEVRFIBFUGEAGQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit