6e32282e73a732d831b59c873151d5b47a5414cdaa44a9f06a674f3c80f38fba

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 17:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79fea1f0c4e60adf1e94ae4fcb08edba_JaffaCakes118.html
Size

47KB
MD5

79fea1f0c4e60adf1e94ae4fcb08edba
SHA1

dbe2c562c0e7f15500ebceeec7066167b7977628
SHA256

6e32282e73a732d831b59c873151d5b47a5414cdaa44a9f06a674f3c80f38fba
SHA512

2e362d02d8d3e41022be05459ce5388ce96544001e34d31755bc806eed5243ad748ff32a07db0520533f943664de9f9bfda2cbf50b30d1a2b4e9990f7f2a88cf
SSDEEP

384:EqymvWuLDzlV1mR3KQLsn30Ho+bEEe3vTB7VX0N9bY5+k0XAdwoeQQQQQ5:EqnOuBSR3Fsn37r17ZOEOAdBx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
888	msedge.exe
888	msedge.exe
5116	msedge.exe
5116	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe
5116	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 2484	5116	msedge.exe	84
PID 5116 wrote to memory of 2484	5116	msedge.exe	84
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 3716	5116	msedge.exe	85
PID 5116 wrote to memory of 888	5116	msedge.exe	86
PID 5116 wrote to memory of 888	5116	msedge.exe	86
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87
PID 5116 wrote to memory of 4716	5116	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\79fea1f0c4e60adf1e94ae4fcb08edba_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff84d3746f8,0x7ff84d374708,0x7ff84d374718
  2⤵
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
  2⤵
  PID:532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:2532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:3320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,7738401353874490046,13911352052370647522,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3724

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x42c 0x510
1⤵
PID:3768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
97c6bd2cdd99e69ba1a16e20582461b9

SHA1
d211c6f2349f0f533b7c515350f4020f88827b16

SHA256
07e924ef8ee88c7b6760b3974cc0ccb520340f1dbe465153e161df72f609e3fd

SHA512
12b4249ada8becc9fa9b0cbad97607dee786b36cf176036c9ba21bf4be9f1c82498b331db8788bb7a75c5bab2ef845cdf3dabc7496bdfa207a9db3678b487909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
568B

MD5
cf3adbd3e6048ffc0e5fc8d1626afb58

SHA1
b42570587593c59992d341e89293b5ffe858ef63

SHA256
0fb7cd3edb718a0cd805a0f1312559fab2b5c5be1d7e3253fa828fd6da491169

SHA512
d8a3a213499f073f384271169422c0f820240980eaf98d387873027c23b1b7220d1c083e6f5ce2a76163f0706f31fcc1f6a60e6f0d8468dc41a18b099e48207f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c917fc96d4c15b7588c675e3aae53178

SHA1
2a5d436b35c58ab578f8de9a7fdb74a1469992ef

SHA256
7f4a787c0867fcdcdbcadeead53eb6f28de99a625f7831e6cd328931b1df303d

SHA512
e3dab58a7ed7c72a133b8b87f05b3f808480ed70f3a1a387458b267c33b42d686b8c658e2652cb456ab581a8c92c994109ff6b178a6065cdb514ff12fa889f9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
720bc251363e583890743525bddf0650

SHA1
af34d53fefd3da99b93b474cd4e258b28dc03875

SHA256
6954f66e54164f42d4e54db9c99efa6f0e8a4b042d171c3b180e3c82bb35529d

SHA512
533cfe7e40c8b003620e0d750dc524e38b34483bb2b30ae3777c703ef1d425f5fb15dd96257050bcb3903e4db0369b5afbadaaf6758ff3787af551d6d4d8fd22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fc96644107d94c3d58698d71897fb62

SHA1
603d2de7cda3d16a0c27c9757341c27f3b68a750

SHA256
d0645fa0e93c982bb3b0be9ac82b59ebb94249f206b9da71aff8c5f5f6007baf

SHA512
2ac7f027feaaa731d889fbe01f6168ec7a69d34b3ce942b9a56c5656a62de0a65f408cc0d6f93f7d2cfcd19e1e02e292a683ed07f14614129fd295f34fa62ff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c8a765d8-de2b-42ea-b799-2994b16b235b.tmp

Filesize
10KB

MD5
f5b26f80c30d255040df397b347cf1b4

SHA1
1937d87ecfd3a8aa7243ca162e67e836ee6d7012

SHA256
e66e022cb454495c919f51f7a274c9e889a92048a979335183db213247338290

SHA512
306ed09d3291a86e8e499ae9eb134f7c0c57004238f014a9d46ffe4aa373324e041af87ebd4ea573629a97f64fe597721ce33c000b148644d5262011d4483fc9

Download Submit