6aab4ac225b802942015d4d893396daeb18aa35d9f8dd3239a15c7572bf0bc74

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74fbdb2a481ec20cd339a87c08f98a42_JaffaCakes118.html
Size

161KB
MD5

74fbdb2a481ec20cd339a87c08f98a42
SHA1

887548b19fe6085a07c2152101cd82ecb4ea7320
SHA256

6aab4ac225b802942015d4d893396daeb18aa35d9f8dd3239a15c7572bf0bc74
SHA512

200ae54837e566fde334403d1e3f78c8a1936a61bf1439e3ef3a41bb5dfd5e6867ad7304ae4353ff58b3c559d1fdcd0d11e1e53d53c405d371d4cdfc62b394ec
SSDEEP

3072:SLhlj/rHBPJv23A1Ou7J0Di8VMLo3Cyn58DT8fJug14nrDB2:SLNPJv23A1Ou7J0Di8VMLo3Cyn58DT87

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1144	msedge.exe
1144	msedge.exe
4712	msedge.exe
4712	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe
3220	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe
4712	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 4788	4712	msedge.exe	82
PID 4712 wrote to memory of 4788	4712	msedge.exe	82
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 4604	4712	msedge.exe	83
PID 4712 wrote to memory of 1144	4712	msedge.exe	84
PID 4712 wrote to memory of 1144	4712	msedge.exe	84
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85
PID 4712 wrote to memory of 2416	4712	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\74fbdb2a481ec20cd339a87c08f98a42_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1ec946f8,0x7ffa1ec94708,0x7ffa1ec94718
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:5716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,7526772517924372250,8411528986764178268,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3004 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
d51263384bf3832adce3f1252778c7b9

SHA1
cbb311c81d394f3a31db697e86b1b23e50234c43

SHA256
a2955de6902d8769adb5339a1f6c9eeaf33c21d93474f7a6cf61671a85c05503

SHA512
c63567917d16905329d6bdb726df88fe6019ff53b1cc96e642ece8d2e878a0e0fcdb5fbd5cbb7fe690242ee44966cc5871587b060e53081d5e0b4098356e148f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
70894abad5036f62c0d678b48de895a3

SHA1
357f037c038cba78bc896ab8e568cd8cea7f614c

SHA256
ca463149fa440cfe13a9fcd226516fad0f7e763ab327322b3a903c3fdaa9f4ab

SHA512
b30ecf9291a91d1ebf6e155355839e8db7079991fae6167c69510909f5703377f8006bd4ab6368bb7c18d8b1b3b3706b0c6b88d11e3c3f9b7efe64120309a470

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a86194ab1bb3765f440bf20429b68d1f

SHA1
3c066af9ea5f1af70cedfa91de6b5c56e73b2582

SHA256
29b6cf8210dcbb68c9cbabdd360df4985db08f06a4642044c441d05dbcfd3c98

SHA512
bec19ae8411755a6caff37ab43d726cb4c982598874bfc9f71c3d8ce5e00168cfbb98b03eee7c4bd284148f4fba452df5003f692ca8aa507d0d93f7ca9af4bf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6829d4c3807910cb13cd1dbb5b1c9482

SHA1
1ea6b86e54f424d8242f47513063fb48254e7b9c

SHA256
8f07d110f397557aed59ceccf082c627a74d4e0b7036fdcaf3541ca82e6dbbfe

SHA512
425f2378679c28fb41d01dfb00994bb6d7a3b74f2cfb6a9e8bba4867694dc265304d6a515222dac2c260dc4bbbd95eba5889a90f2b7c765d59060fd1556479c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c05b08921462d7213293e494c5d13d9

SHA1
bc31c9fb32959d6a15b3c6444514d8a602d1eea6

SHA256
6cb2d2d706e53cfec507fa45b9187370a6eff7ce032dd84b0d13d65991c3c084

SHA512
e80834934f7da152903ae0c46fb4c8ffb927280caf5c91d281ee388e42cb02f652e1f491eae0f6b139098db1a642803e1846f8ef6ec094ffd6857a9669e99a3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
3b8210c4c9651bb16663ab329b444a9a

SHA1
d99e1612239549ff0bd2792e2ce8e4b74dad0045

SHA256
206ba90cbe87c93710ea0a96446b1dd810ed6867b4f689f3bc577b1c2da0b6c6

SHA512
98004b7b349f752add723d6e1bc90e631a3eaff7779bb4983c4dfea8ecc7ec33eff22f298c302319b3c7855fa402a89e0067a09ab840813e02782195b942198a

Download Submit