e688b90a1a33dacd10f88019e58f56fbe9cd967c6c158b719f45e06e9a13152f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6587fa09d4c422d5a286a29b4fffe0af_JaffaCakes118.html
Size

48KB
MD5

6587fa09d4c422d5a286a29b4fffe0af
SHA1

c3928464f4fb6e70e121cd95d005377c7ba77d8d
SHA256

e688b90a1a33dacd10f88019e58f56fbe9cd967c6c158b719f45e06e9a13152f
SHA512

d6bafdca49fa93ac92ab67617243e0a2ee3a6e31808ed8a30755fffe1f84e7ad9a2892c8f82598349d5a32fe8b8d560bd00d3a96437166ba6e6fc27682ce8a1d
SSDEEP

1536:tWg3ByNmu24x+/azJdkpMPTujjzf1VnnUMMoo3p9qxi6+YlFFan1IRVhk5LKJLad:tWg3Bywu24x+/azJdkpMPTujjzf1Vnne

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1456	msedge.exe
1456	msedge.exe
4316	msedge.exe
4316	msedge.exe
2256	identity_helper.exe
2256	identity_helper.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe
4100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 1624	4316	msedge.exe	82
PID 4316 wrote to memory of 1624	4316	msedge.exe	82
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 4228	4316	msedge.exe	83
PID 4316 wrote to memory of 1456	4316	msedge.exe	84
PID 4316 wrote to memory of 1456	4316	msedge.exe	84
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85
PID 4316 wrote to memory of 2032	4316	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6587fa09d4c422d5a286a29b4fffe0af_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f93d46f8,0x7ff8f93d4708,0x7ff8f93d4718
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:2180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,15858640211908687411,11161142116504218199,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
827B

MD5
774474f2f60181d01f982ddf4d695feb

SHA1
9ee082a174eb559963c15eb4780835264d15cca6

SHA256
0ed5b4a5a6196da568b8f5f5dab011cae7f7438f3b8a279bc6d34812a549489e

SHA512
9150f56ba13db66e182805f80745415f6b388b5e4059a26373d15a766a7ab71cadbfea8d6b4c3c6c3b8e10d4beac292f0ada9720d5d278875040360783c6928c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
46d35c3724d110b22ec5ea38c6552697

SHA1
2daa6bb32ba02b5db56e32abce45b632c007c467

SHA256
c13457f8ae0729ad75c3a21577444b999961e39c2124761cb4bbb2ed6b9f82ad

SHA512
28472c7c8184d161d36e8eb193a63fb07670c193f75036d0ebee301bebdfeee8991f5751bacbf07a3aaeb75681ad9100837926c9fcc05970b501b4c34a98eeea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5598b089c7a1050b16f38441bea305fb

SHA1
5d0542728ed4c5a7d6dc039870cdd780f212071d

SHA256
8776cfe255891fc5fc5cd0f7365193231253a60ae3a681eda5be4df78b58c3df

SHA512
0523c679e5f9bddfd542d07b6260d9d43ca2645a3305f4a80323b1322775492021f9b4cd46ad429d2361af57c1c1669ddada213366403c9e52a4c453173e317f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c47e895c49e3156462772d502830128

SHA1
c7b9868fe50602118cbdbd141c1c6a1fa115e0be

SHA256
0276304d99dabe47dfc24d8d7faf0a0d415fc5f0f2a454e3f5ba465a29574939

SHA512
a40034ea908575f28947c78f7213f461a5f006886ea37d9aea72648c92770f298a4bd6d37fcda36fc62966546a7d65af00e08078fa0aa39c22a8d56ce085525a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8b24c7c28b09e33721a47aa4833dca36

SHA1
5359141664dcbc8c768d408c8718fe24bce15e0b

SHA256
d2ee1dd47219552323cca9ae752c3fb0c8fb0ea991f6abe5523fee4a4423259c

SHA512
bd7250e6930ee9bdeae1a40f04a280204e3dee7b00b35425c065841057133b64c8eb7ae7c1ef31223a2200c235ec0f3e6183f82fdc88d612d28f6abbbc3f4e96

Download Submit