ec9833297361b78f2af16d3c07b3a11ec7e91bc629b19753da3c32857707a9ac

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 19:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html
Size

60KB
MD5

6f9bc13084c822e8bb66a62cc2341fe5
SHA1

fdc6beba96a3d49d7a5ef4cd96614ccee010bd0f
SHA256

ec9833297361b78f2af16d3c07b3a11ec7e91bc629b19753da3c32857707a9ac
SHA512

7471a31e5f968405c9be7c65365bf026cc482a73d8da7d2a02cf0dc423528462ccaae542a46b912a485217ddb74118926a973c8aaacff7d4c5cc06e20ab1d2e8
SSDEEP

1536:6ha8Jy2tj0eG/JMMerhmIvG4ZePfc5A+OjbxNGdHE9b:6Jy2d3MkbA+Ojbtb

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
2816	msedge.exe
2816	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe
4104	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe
2816	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2816 wrote to memory of 3164	2816	msedge.exe	85
PID 2816 wrote to memory of 3164	2816	msedge.exe	85
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 1632	2816	msedge.exe	86
PID 2816 wrote to memory of 2464	2816	msedge.exe	87
PID 2816 wrote to memory of 2464	2816	msedge.exe	87
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88
PID 2816 wrote to memory of 1900	2816	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6f9bc13084c822e8bb66a62cc2341fe5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:1632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,9825634279822819064,7871254033960282195,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\37b6b421-8653-45e7-9ee1-8b1a7d885b74.tmp

Filesize
6KB

MD5
249acf5f9fce32694df00f0b6a21c8cf

SHA1
5fcc9776fffe022c74d2ba050097f57e6bf885fb

SHA256
1fc3c0e7e5151fa04ad70218481dce9a75faa2753189d6d3b0e51a363d22d02c

SHA512
86d6deb73dbf5da2685ba195a275b8bd285fc82711cbab7251f6313664c3f4e11b1e0933422e4eaf4993a02e10e788a0582ca49034208e8b7442522ffff74160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
907B

MD5
20098be19c5744d40af14fd921c1ab55

SHA1
519c038aade1b722a91e8dfa7425708aa2ae83a8

SHA256
5520efa230676c7a8fe35751747912fa5cda57fbbefc26e2cdee0c1595b3dbde

SHA512
204b3becde86419e854e77cab97da8ef408d86ad93af270304701df96a949c06b06c720e0e21fddf236715cff17b210182111faec7e72e18c53cb4edd6eee486

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a821dc0e26b3b4643646eb919d0e6e7

SHA1
d6d4634cc2036d3fc3ddd27bda0686f030d4f20f

SHA256
117817ca34758725a234ffee5fcc9c03af998bde804f82f99e62f1fb75c96b9a

SHA512
5a6d2e1dd432e9fa8d8d19e1c7c69a2c339c2e2071ef4140074188b57645b53c4a8bc6887bd66da57555f46eba3e9a4e9dc6326ed6655c7c101b0be005382a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
745c0ce9da1b553bd81b96ee02308ea1

SHA1
5165b737b90469d85f935404cf8bc403b177cc76

SHA256
f20223b9e901048684d985657ae2f6b1cb6f5b2bf6a5f1f9940929454f48dfb1

SHA512
b585626f1166d113aa7b565ab3fd443d249de463fe5bc89e5334503528397ba2fe56e908dbb10d352cc702528942524ee83f1e4687cf148e38adf75e4362f284

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3695900357cfe09d2b3cd193f7f2ae5

SHA1
a30ccdd7cb9e7f01d126836c0f8842bd5dace33a

SHA256
17fd6e16fdc08073a0b68e0abc06573730f3576e86836a429847e7ac117df114

SHA512
ccf9fd439091ef9c4a1247434e7d6e3f45b7737f76720f4ff4f50794051f5c13363875fc5fcf87bc3546a1c654e4c48b811b69f05caeb64d17140fda9775f64e

Download Submit