4612f01f8cdf09668448fbff7ba2160d610f68fe45f42fae0a6dfbd92d5d6bf8

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 23:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c8e722ad03fcec63961ca6b161dbc3d_JaffaCakes118.html
Size

18KB
MD5

6c8e722ad03fcec63961ca6b161dbc3d
SHA1

4bc3c83af7e053b0215025710b50fc2a99b20f6b
SHA256

4612f01f8cdf09668448fbff7ba2160d610f68fe45f42fae0a6dfbd92d5d6bf8
SHA512

42201d26b5aed7e39af1475bdc162dc203805c2818f5a48c284bfeab8939f32b024d3d2586ffc15b532538943970c8be4e9c070b40c6ebc4da38dd201fb0eb54
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIH4VzUnjBhHJ82qDB8:SIMd0I5nvH9svHixDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3976	msedge.exe
3976	msedge.exe
4640	msedge.exe
4640	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe
2596	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 3168	4640	msedge.exe	84
PID 4640 wrote to memory of 3168	4640	msedge.exe	84
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 4776	4640	msedge.exe	85
PID 4640 wrote to memory of 3976	4640	msedge.exe	86
PID 4640 wrote to memory of 3976	4640	msedge.exe	86
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87
PID 4640 wrote to memory of 2724	4640	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c8e722ad03fcec63961ca6b161dbc3d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa127d46f8,0x7ffa127d4708,0x7ffa127d4718
  2⤵
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7750330878302257549,1712706157903509750,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,7750330878302257549,1712706157903509750,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,7750330878302257549,1712706157903509750,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7750330878302257549,1712706157903509750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,7750330878302257549,1712706157903509750,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,7750330878302257549,1712706157903509750,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ff21a08408a16860bc190f144a21a92

SHA1
52bdc93e3f6d348b7804de68ad5561ff7a5d5197

SHA256
e1ebee75e85b091d3875e0d11a6eb18927f34becbd6480d4e5623713a878218d

SHA512
5df96ed3b2cfd923aa8adbbf8af8373918372f514acbdadf186cc01576a5b04e7e14dd988ef56c1d97a2cb50c29a737384647ba09e7255c71ff2fef2d5974695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7fa54fae7e3aa59b9b6fd0d47ac3f506

SHA1
06c66646ec5d9ffcb87bbb7f037b2039d0b2c80a

SHA256
9dfbc7358a44b5d1b2a20c6cf43c3f8711acf7da181156b9e093add6833aac7d

SHA512
abe597f759e75381900cc9d2ae3b1941f46b8e0c0d7b76b7a16057d1ab518bd724b539f6d7d092acfb5295aafb961d3a56c2b763f82f1c10a58576426f91d214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
261f856e472266ed0209623bd98f7d0d

SHA1
840c82981bc6d860beff9b2b77ebb794ce34a6de

SHA256
2f3862b9fa36276f52ea1f448e171778ec955d8b73393e6bfb9dbf55034d4596

SHA512
b2145cc5bbaecd9e6d90be9398fb900d35cb7bcf116df0d51d084c4d5146173bcffa4e4642e57eee2e5735b6ab4da86dac5e171a117430523da523c5fe8a5273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7ca9c0078a430b562fc395e29b06cdc0

SHA1
24760a8ee21863d950adebe4f0baf8738e91b548

SHA256
56c6fa09271fff25eee7aac2d5af0260ac272231adb1d2ec9e3e052729c600ad

SHA512
3604fc8f729853ef17d419d381f9a89f4302597910e7da0581c2b3dc7e548a190b0520a44212c78ce9d0dc485bb63d59121cba683dced5501c3dcc69cdc21e94

Download Submit