0f10307ce47703fe9cbfcb80cf0da6fc5790957423af9b99c1fb0b170ea678fb

Analysis

max time kernel
145s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65be8705022410c66cc8f8d48a144a04_JaffaCakes118.html
Size

71KB
MD5

65be8705022410c66cc8f8d48a144a04
SHA1

be49a71d8f26b7c531410c6225f807bbb7ee6c1d
SHA256

0f10307ce47703fe9cbfcb80cf0da6fc5790957423af9b99c1fb0b170ea678fb
SHA512

0adcda75d5bde2f8c44d26dcb82b072e37a30bb6f7dfd7fd60a5d266a0300c08fb0ade585a0c71019f84e2ba7f72a82829ff0f6a66a5889cc91e941edd4ca2ce
SSDEEP

1536:JWkADkAZckABKQbZkAXhTcr0IPGNMxZPdJXxPTQakAm+S7vFSBpQucfA4mJ0W1PY:0kADkAikAIGZkARTcr0uGNMxZPdJXxPK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

536 msedge.exe
536 msedge.exe
4876 msedge.exe
4876 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
3336 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

msedge.exe

pid process

536 msedge.exe
536 msedge.exe
536 msedge.exe
536 msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

Processes:

msedge.exe

pid	process
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe
536	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 536 wrote to memory of 3088	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 3088	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4664	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4876	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 4876	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe
PID 536 wrote to memory of 5040	536	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\65be8705022410c66cc8f8d48a144a04_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff956ee46f8,0x7ff956ee4708,0x7ff956ee4718
2⤵
PID:3088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
2⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:4880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
2⤵
PID:1040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
2⤵
PID:3876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,2622299434937496890,10850085124990814865,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2280 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
952407c9f55ec6f1e3bac1d0d28123ca

SHA1
aabadd44deac2bd4b6ffd53ad15bf95c72067128

SHA256
36f72331a61feb7600db48372a0b26f3ccac5d0a8a45e6011b0c7697c89ae1bc

SHA512
7322c48ddd0460bf1cbdea96d01c1278aebd2d4f2c8f5b9f8cfd08478bdc6946047cfd5aa7ae8089e2d825f4c8cadf93c103fdb00864ce8eee51002f6bdc8f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d769b59a4e471c2244aa6783db1d0a1a

SHA1
26919b769fcb7ee37f8c3e98c58d9558e0b6202a

SHA256
b52e44956db35dbff720bdc170d7a065ee24a53a70e6abd2e6a12d21d0cc0ded

SHA512
aa89f45bde7a59a631f62730b4650dc1dd6c713d908576bf433288ecd2b5271497a98692132f31dfdb8736e952915c16bf552a8c2bc7ad3d62b4c0757d5c0e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
c1232878d3de365c8bb4a21531afbfc8

SHA1
7cd7ed00b14ee1050995aae1ea9f3e17b650d40e

SHA256
63fc5a2e0c99580ed8e31a709e8cbee463f764196e06b76ee610fac4627c8885

SHA512
96fcb486552db8844e89a3ddf5798dde1c1b3e6b39f66788a62de46470ce37981e1acf3045b8f59b89f020bf9ddcc12eeab028e5f8bcc4e0ba1cae1c5c07449e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
de772cdb4b9bfb726b4f0b975f813efb

SHA1
b2d627b9f1e921dd420b65a893a4c98069198c55

SHA256
0ad9ce70d2fdab249e5b0bf29a4165ccea721a428a8f89f41c2b1ed7752b475b

SHA512
65d3fbedcab9cd1abac88fa5c369e135ea46cf161f847ab8f0c6af8fdce4a76515af3b775d20f94c653180acf3f8dc7f9e2833f4e02863f7c199e330b563c3f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddf57d98a45de6bb2fdb6fe01e978551

SHA1
743edcfedf1522c33591c51c5322c170e9bdf0dd

SHA256
e6e9b20f3d6afdf37941e8f86f23f99a128d3e07668ee736acdc5dfdac02d224

SHA512
d2b410a7bf3a6b0f6f77e3746f18d51f0d7e94894f2973a91713a4f69028367a59af41bef373419bed8a5d267f6f42005b346167c40c2a16c38eb476772e438c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7d49491403b15608e006b5d2dbf48572

SHA1
f41f7c51194955b21af4bf9b3b9b3c8d21518869

SHA256
4b1d57aa76524a40b0844cc06b0c8e6b5ba6de97127a544360a5279eec312024

SHA512
3882fb2ff2f4c88ba56e8ce9bbfc8c845ad658340388d3c4d26368dc19e828df0d150b8c8f14dfc32758467d3e3fe224883790bca8459c6f2ff7e0a68ce01605

Download Submit
\??\pipe\LOCAL\crashpad_536_KBYFAAVWMLZIWHRG

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit

pid	process
536	msedge.exe
536	msedge.exe
4876	msedge.exe
4876	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe
3336	msedge.exe