94b5fa0a18cf1deb4f5e5b74b0048962d6dd1ec012daca235404dd0af9830125

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 23:00

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6c8c8feeaae9c5ff95296f90ae89dd46_JaffaCakes118.html
Size

207KB
MD5

6c8c8feeaae9c5ff95296f90ae89dd46
SHA1

066cea1b3cc8d75aecf64bc08f2ae2ade89ee767
SHA256

94b5fa0a18cf1deb4f5e5b74b0048962d6dd1ec012daca235404dd0af9830125
SHA512

99780b4c97a45680b1b56c4433635a82d64ecc2b590892f108a064647fc3d97c22bd619fee101d0f47d2b8c17df7fec8c82ef2d9dedd491fce8abd13511068be
SSDEEP

6144:C530DH6NEQwjcHXxQRVufJc/09l1kA05u:CuDHQmjcxQRVufJc/Pu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4368	msedge.exe
4368	msedge.exe
244	msedge.exe
244	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe
244	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 244 wrote to memory of 2684	244	msedge.exe	83
PID 244 wrote to memory of 2684	244	msedge.exe	83
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 3780	244	msedge.exe	84
PID 244 wrote to memory of 4368	244	msedge.exe	85
PID 244 wrote to memory of 4368	244	msedge.exe	85
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86
PID 244 wrote to memory of 4896	244	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6c8c8feeaae9c5ff95296f90ae89dd46_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9fad346f8,0x7ff9fad34708,0x7ff9fad34718
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2696 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10956407449729432470,7175743786374411702,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4708

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
ad3a51cace70864b458bab81c0a3c88d

SHA1
4ead21abc67971031e82db8e1f566b34a8498794

SHA256
5cf4819daee85e653d573ac635a7bcd0762b9704c6f15e021c0e4ef3893268cb

SHA512
d4b8c9810187389e1b586993d0a9dbf48eca56db3d0e94fafff9eadd2580eedba3ab1eac7fa4bf9f189747a05576e75423cbd6459cfaffb5136789d5e65b3184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8e4d84cb2f321a863ce7f86780b0a7c7

SHA1
a7f12dda889aa7d81dc6f6ff9d0fcc9b170cd54b

SHA256
523d0e7e59d24d215cf0eacd84723ec91aa83cf0007a4b108857308300dc9f32

SHA512
d1b9f57f16851ad8a0f91990e446a0d04e7ed06f4791a6ee0ec21ebfe27e91791a5458d14e47f5a0dc743a9fe5984e9edb173ce7a10f4d95beb2a7ae4d392d96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48a59aaf184967e7011af6bf5650b595

SHA1
f8829dc3d57bd63fc518f3d6016f64d5ef3cd435

SHA256
95f8a143c47b63977698c2db3431bbc1c94cb59e0ebf7a2e7247c17d2581355a

SHA512
6067de03ba25824c5be603a48706607b081454769bbb88f065ba522456c900f61490843d6e017496d2bd3e8dcbfb823d2cd539a17325677b3792d918930e3c1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d39e7cf24660c2d151995039dad3d0e2

SHA1
b1ac10c30d89b6b9dca861afce5e8b7c73a2180a

SHA256
2eb604b7f967e9df5654768f9c9d5244fbdfbfbec9eed2227207b217864478b5

SHA512
47a9f89eb3149aabe3f5b8d5a5c7399130bc0e81805720a6d1d50167f28ef7a1d8359ae286dccf1bfc3dd602db6de2976ba7d68b470f5925f021117d5837c2ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9547107372ae244dbbf110462de6be4b

SHA1
179201ad25fcaa745adabd6617331dc304ccc126

SHA256
be94acd8740883a8263debe7a36a7ef8f400089ad3616f4b68a708e473a0561b

SHA512
0329cc0f1564aa6f3ce585eedd8a9371f2747708ef30130866ebca28f09ea89bf30600a7b27cbf215243568cd0b3ecdbb46f774c2f454f73470abae0e8d32943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c3ae.TMP

Filesize
707B

MD5
d50f624e0f94ee43a06a0a12b7c64c4a

SHA1
f51483261dc8cab15690e1b82f76a84154542e5d

SHA256
831a59288062af98767553ae4c0a58c5bff6212c8cd6b011651761bb3505b7fa

SHA512
f24453346a8ef76c460f6bbda6efa5b80e04ed14887e0cd810655f36833e03f735370fcdd376d638dbb6ee5d7511fec5bcaba3d3bde8f841b43ac3824fcff36d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
74840844bbf91945f973dbafeb5a0516

SHA1
9662f0dbeaceb3c92cf49588db367ab03b953b05

SHA256
87902ff796eebfc2ff013abf125a7b289d8d5e11a779ec535ebb31d4472fe0c4

SHA512
c1dfa8e7131fa4253aff77ccb8fe730ff026fe1f94b80c8479c6595d60af98823617920f96cf3bd856fdc45179a7093ba05a77a27bf766794a6754794f39a04e

Download Submit