a988efb4701739d564c918b731a47831518ea1475031c5b505d775dae2b71a4f

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 13:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6778262920b6088354673ace48bc5c05_JaffaCakes118.html
Size

241KB
MD5

6778262920b6088354673ace48bc5c05
SHA1

5465d8cc16545eb2989face0a153442db6b746a1
SHA256

a988efb4701739d564c918b731a47831518ea1475031c5b505d775dae2b71a4f
SHA512

0a59048cec7dcecebc1411f8ef4dcb7df5ae3776201a2e46b833375f92ee83d8d7eb1d6b635310bf71ecac599a826558d1bce5e29d80504723668e5c988410d3
SSDEEP

6144:mM2V0pUcfRaNrXTPmFtcnepIrychZuTd2U3uiOMdmgczZ2HIwhkjqOmBSw/Z1PeG:aCkM

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4580	msedge.exe
4580	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe
4940	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 2956	4580	msedge.exe	83
PID 4580 wrote to memory of 2956	4580	msedge.exe	83
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 2016	4580	msedge.exe	84
PID 4580 wrote to memory of 4560	4580	msedge.exe	85
PID 4580 wrote to memory of 4560	4580	msedge.exe	85
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86
PID 4580 wrote to memory of 3292	4580	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6778262920b6088354673ace48bc5c05_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8797646f8,0x7ff879764708,0x7ff879764718
  2⤵
  PID:2956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11827223743218677516,9897457007052778451,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11827223743218677516,9897457007052778451,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11827223743218677516,9897457007052778451,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11827223743218677516,9897457007052778451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11827223743218677516,9897457007052778451,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11827223743218677516,9897457007052778451,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
191B

MD5
737fae5dc1f150d4cb38f981a0bec95d

SHA1
9a9f185d46ec72737eb339c716cebcb772846c8a

SHA256
8beb45e7f248d61f56d86135a14dfe1bcff93eb70b647664787f2fd0b8e10295

SHA512
15b09a2f1fb115f68a82bf2993306e6b9e44ce25336dbfe891500c40c02c7ea511a3fef3792b1f271800da832cf084ad99aaba097f57b53ad5a505306dc724c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d21e492934468ba4815e3486fc7ddb33

SHA1
2342674db3751f356fe692e3b17c699baa7710db

SHA256
aba4bb63920da2f552b9aca2511ea259d503bbc50b264f762e8f7f6ff4a462b9

SHA512
4c7b5c0a2d7b22d806ec964e65fa0b96e4dbbe2cd9040bb550baa5b50d627cba50687ec355725545250fb116c165eb77a61fcf90eaeca60283895c0ca1e84f94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3eb954f7842819379c848d5b89a03864

SHA1
5d7d54c3c9990a432b52e2c38819c4b82fb20023

SHA256
7c36919dfba03e50d124f71d0e958fd2a75d4ae1fe6b5fc3b9c7201a66e17a33

SHA512
0e962049be820a3706b2e53eefcb24314ca631ca1e6505dc2de173f8a7c8649731bb9b8c319c4dc76887cc54aeb6e05f1f763bc37dac99c53f67ccd246a2ce4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8ff9a1bffccc216b770f009e19b1cb3a

SHA1
87a0d025c57c540f1929edbf0976e8ac84d6fc7f

SHA256
fa2e26da6c708106a4769b216a379840c8dea6c2752baf2f251666bf2a18ab94

SHA512
bd9156079a37c8847749574ecee309420f832476ba3de5a06f1273fa3a46abdf426fe7c7aad51052be7f9331feb4faa5cd9d02e5de701f035cae0227c314f06f

Download Submit