869e1f75b08b7de9c77ebe5d4d1d5d1a0709c66424d1fefc8268cc96db03f3bc

Analysis

max time kernel
145s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
24/05/2024, 20:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fb448055c71f11449776bc562f6ee2e_JaffaCakes118.html
Size

67KB
MD5

6fb448055c71f11449776bc562f6ee2e
SHA1

c50bcae65e1ab2c2d6ff184b46d24c59e153f0c0
SHA256

869e1f75b08b7de9c77ebe5d4d1d5d1a0709c66424d1fefc8268cc96db03f3bc
SHA512

5e290f3ac590d65a58f8f577d42c37051a3582982fbfde44ea905aa6a8aaa0ff0cce76d277916460f553f7901495fbbe8bfe954fd6df0f09e867dad0616badf8
SSDEEP

1536:W2WviAt+JBsV3yPHUQWqBh4cEvrEedOOzh6aCd1o:TI+JBsV38WU4cEjdOOzh6aCd1o

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3836	msedge.exe
3836	msedge.exe
3272	msedge.exe
3272	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe
4344	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe
3272	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3272 wrote to memory of 3416	3272	msedge.exe	85
PID 3272 wrote to memory of 3416	3272	msedge.exe	85
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 728	3272	msedge.exe	86
PID 3272 wrote to memory of 3836	3272	msedge.exe	87
PID 3272 wrote to memory of 3836	3272	msedge.exe	87
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88
PID 3272 wrote to memory of 3580	3272	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\6fb448055c71f11449776bc562f6ee2e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbcb3246f8,0x7ffbcb324708,0x7ffbcb324718
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14979834073377413811,5004485138677085544,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,14979834073377413811,5004485138677085544,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,14979834073377413811,5004485138677085544,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14979834073377413811,5004485138677085544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,14979834073377413811,5004485138677085544,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,14979834073377413811,5004485138677085544,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4344

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
9dba435c4fed441f51b8551b677bd326

SHA1
3adcbbe9710d5e2ee41d890b0b20054ed6105328

SHA256
581411ee404ecfe905dc215455d06dd25ed5103889b5196343027e155e8c3a4d

SHA512
a90ae4a42cea489d5db5a73a680b63fabe18a2f51573a7c2d1a55fa2e10cf87f5cb49e562eb8cb5f92246df0c297678e8ee842a5916039294427439628f9ecda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
413a28e805dbcd13bd41a8b75d3a3716

SHA1
f10d63794a81a142184b27284061af41325e515f

SHA256
55d89aa46265a6729a3e866c699b505c265b69ebb459b50e1af0eca6bc4f2d3c

SHA512
168f61e6e4b1ab9ddd8bbe2b38a3ee5521a560c82bdb3022539cf1aac12a7196a3c506bf40205c34969d54803def58740371326f854513e83c71fffcd9ad0214

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
adbf44abb518faa2be36a933973fce8b

SHA1
696bc4737e3624b0a7f4ff170aac58d4d54f6d60

SHA256
fbde482cc6924edca46f9063f6318792fb0483324696a4e350a412a5bd8881d3

SHA512
e5b193881b552e5cb0aa391afc446ca807846f00f4f682a971b885c6b0b4510224c615862ab449335d98e16072c6c3d1c0af0c6a8fce2aed0d3ddb746347fac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
8b6a0a10015c4f28d1b9733e435db4c8

SHA1
9f530fa7bc4926ef6e87203270d45226e3f5ba65

SHA256
1879dce0193ac59a2fb203f84f5374ef5269371badf27d4e7ace49a804ab3e48

SHA512
8e9885d9a01505d358775489e49b7f46dda6179f68c34241303edb7d70f56af78080952ba9a677113a6fa91fc2ed63a60c2f868e824d66e7045b965ca8da795e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
1f5245080da4d01e99f748133968221e

SHA1
4f8f6350282f71809513147de7cb6966fa6f2eeb

SHA256
887a82b4d6e7836a74e8a5fa3448e095313c69b4332f23923a46fa99b57b0568

SHA512
e511ef9f767ea36d93214e3de59efec3b80057390ca7af1673b1c75935a5641332acafaea5cb52b0a7e83e3eb22465c0577d0e53df8280089e20fe7c77a3afeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
b21408537be99a2270672e5f371d4b2e

SHA1
058d6bad31e664b4d245b941b1c6477badb38e59

SHA256
57d1718cad0e6d1c6ed9a59603391f23e92e4bd9a1b36008adb7a693a9c48628

SHA512
b4a5cf38a3ecc61aa94be45cec53c23e0b46dcd2027bf26957a153cac52a7394d56f0842525c6910b50bb632f5f566823c68e3704c584cbbfbfd56d29280168c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
f680b976bc04e814e39ac3ca16f5a61f

SHA1
45852263b2047ccdd59a91268c80a6759bc238d1

SHA256
5d02fef7711c3476c39c61c3eab59b0e67a8ae141095be3bcb1ac678f5fd940e

SHA512
ea296576a165857bf0cb855f4b0bec952487f86572331a53c9d32370535ce687d59074ed28487efaaefb6258f05f44d772a57f0d1b7594e77a99672b87161c6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
69efffd4795aed5c4f2a572a3813a125

SHA1
510a831af1e371e67828267979037f62a76be0e4

SHA256
f24295adb45d0921c616e1f14ebf4355853a48142c2ef56ee5f0bd2af4fa6d9b

SHA512
27588656238d8179ac58fa66562fe58a5278abf176fca00204253fb68c8a1ad2f66680ea3812b252d1dc25051762e598b40d4b518820bb0cae30d90acd4d3c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
707B

MD5
fbc0df2a70711f5d0cf83d7ea4d1816a

SHA1
172adc3b94e1bf6b22a4b5bf643be8b609ba7d09

SHA256
fb3037a2475bd024e7d07cbe24e5738dd1084ea55afe8c0736b44e7580e096e5

SHA512
6db6e5c31dddd9833e718e356c0ea5873d037135ce52afd515a7f3e803a53553b6cc376246da04eb5639e1f4fd973dcaf40d84972b0b161c45ae09bfe38c472a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef61.TMP

Filesize
707B

MD5
d5e2cf0c0719284e841616e3cf251d87

SHA1
9d4c246e83a0b7da111666a0f74b762de576b575

SHA256
9e060257c3df422136afee2e2eff394b537ba8449e342f8682bc01a7a29d9d14

SHA512
7d353eab68962916091e5b4c3c96fcb79c9510e10fb207e05afaf38451555eed72c770553bcd10047a8941effecc29cc765f1575f09a25ca5f991c8faa72c189

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ac163c4e497b67d4dfc93b24faad7b32

SHA1
0b28ee90fc334de573be8144a81b4217825c1a52

SHA256
37fd0e211baf1184f90d66ab2acfc2c7981a3063b1d76805bb30331ef67824f9

SHA512
9d1e96ad98c8b661380ad2e00392f62cd31a612d7520796c301b1d9d759cdae93963896b70a2b37dc94b1cae0e46866ec1ed88c5d16f6c8a5bf98f96c96b5f92

Download Submit