6eba6ea385c24b597b749574db607a0bee4011a0791c94856fbe086469f8355e

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dfd595a42fc2f8b8b49aa73ef9b3514_JaffaCakes118.html
Size

139KB
MD5

6dfd595a42fc2f8b8b49aa73ef9b3514
SHA1

e56b77277f5bad265f13ddd96976214cf00a8ebf
SHA256

6eba6ea385c24b597b749574db607a0bee4011a0791c94856fbe086469f8355e
SHA512

e8db1024aaa42f58c0bd484450d200818405f53e93fe5c655a8f79c6bda3e003f17a61a4a0a3a9f7b4eb853f1b91dd1e3b2be9721a969356b261f94ce204344f
SSDEEP

1536:S0chf3w2rAlNCsVtvyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:S0cniC6yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3956	msedge.exe
3956	msedge.exe
64	msedge.exe
64	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe
2924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
64	msedge.exe
64	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe
64	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 728	64	msedge.exe	82
PID 64 wrote to memory of 728	64	msedge.exe	82
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 4264	64	msedge.exe	83
PID 64 wrote to memory of 3956	64	msedge.exe	84
PID 64 wrote to memory of 3956	64	msedge.exe	84
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85
PID 64 wrote to memory of 840	64	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6dfd595a42fc2f8b8b49aa73ef9b3514_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffea93746f8,0x7ffea9374708,0x7ffea9374718
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2685113993016729032,5066641025234939969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,2685113993016729032,5066641025234939969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,2685113993016729032,5066641025234939969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2660 /prefetch:8
  2⤵
  PID:840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2685113993016729032,5066641025234939969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,2685113993016729032,5066641025234939969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,2685113993016729032,5066641025234939969,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4904 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
73e3101f470d0ab769866490c35ef82f

SHA1
cefd3997bebe396833af6b18ff4b0e7bf9752cd9

SHA256
08cfdadcbc4941e37c411fec5e1e4740f0e2c7881f497772e39c9aa79ae59c1d

SHA512
12fd34a6d0af74abc49bcbe3337a65e339f040f5d1a4aed31c01e54c13fe03e1d53591cb8a04a718b3fb7ab8b85a687226185b7c00267f6fc5853b975b4f0a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b01d3d3653f891247985409db99bd87

SHA1
0dbb26572fc88c21bd39c4f87fa21bffbd23aca7

SHA256
521a9991e87ef654782828c32e6ab108d53528c5f989a22eda62fe17ead61d2e

SHA512
80f00b93dba5947050213ccc5e8e58079549a4b0a74c7b4970a3da09808412e4972461cb1e93cb237e157cf6d613b437cc2dd3ea91e2e5f65da5c80a0635ed8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42dad437971552de05f05ec8ebb4968e

SHA1
5d0859364455e3973f4bcd4e51bfe4b921dd1b99

SHA256
8f1984bacb832f11325e28caa2344308184d6864419bbb4342c4a23b97583e92

SHA512
b2693b91a1605b83baaa2f82057115029ea044273a6a7191e152d4a44f9268138dcaf939ad199cd544c8148c218a262900200e4656c0ff5beabae78309ee3f81

Download Submit