2b10b5a6f97c656659a4ea38775e7a258f5067b0a0a6d9512b6778308d2cd7d0

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
29-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7efc1348cb551cedee7c359aae3fbbab_JaffaCakes118.html
Size

20KB
MD5

7efc1348cb551cedee7c359aae3fbbab
SHA1

a0cea5ab0fe9efe45f42cbe6009f6541a4528a5e
SHA256

2b10b5a6f97c656659a4ea38775e7a258f5067b0a0a6d9512b6778308d2cd7d0
SHA512

564ef7f30b6e62b26241683625302d930c67b5f73c6f5a09622d2055d1d5f9a541e340238dcc678e08bea04150bb5314f8206a14008b464995582b2f40589f17
SSDEEP

384:xwqvCSEdwqlmAG3eGaZGHZG73G/wnAli/nUQMRGME2S22MLRaKBN+TnNoghcmH4b:NJEdTlm53zaEHE7WoAli/UQMRGME2S2V

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1880	msedge.exe
1880	msedge.exe
1184	msedge.exe
1184	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe
1184	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1184 wrote to memory of 4932	1184	msedge.exe	82
PID 1184 wrote to memory of 4932	1184	msedge.exe	82
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 724	1184	msedge.exe	83
PID 1184 wrote to memory of 1880	1184	msedge.exe	84
PID 1184 wrote to memory of 1880	1184	msedge.exe	84
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85
PID 1184 wrote to memory of 2744	1184	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\7efc1348cb551cedee7c359aae3fbbab_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffe730346f8,0x7ffe73034708,0x7ffe73034718
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1736 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9682837318585551944,11248807226697266957,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3120

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ac2105e913dc9e8c671f5ab21c721513

SHA1
37b49d104fc2ec1721f88cb0f68457a864ab4798

SHA256
cd3f08c5ab36ecadc3bb93fabbdc0af6f69b1b86ac53ffdccbdf202efed07985

SHA512
0f1d9565f26bc830ceb6663346c4e12c1260b8c3709bd2a24a6154260e03e57c15b7c11d87c3d73bd0de8d80fb2a2e4046601df531808e7173fddf42032a9c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
187B

MD5
f4c7ed45791c5fe01581cd6bd3499283

SHA1
45bb3b574c0fb8b7e6f9cfda89c69aa1ac49bd5b

SHA256
26c812d81524994ef63a2c7b7222edafe28a76f2c3f985c7c9c36b3411ce9722

SHA512
c75ba1c8f34e6f8756464d7cb4bb27a1a5434372ab837c4bdde5dbe6b6f819f663217176ebded25ed2b999d0090832b4680b5331152c0aca3187093fc9d3a96f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d326534fa55ffcfe85858b7032bcade7

SHA1
560fec95bc1321fd5d14a57c5b3fab823725f11e

SHA256
cd7a132996c8f636cab0def4cd23c20ae1fea7ad9f2ee90ad63693841603785b

SHA512
1c9ef3df9e155194501609f5f134dbbc01eaa6890342b2fe9f1df368ee5d77bc3bfa246509ce7e0c2490dedd3397637ed26a318c09bb977216ed897bce46c11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d1dcb0864ad765658f7506e006a4992

SHA1
811dab578b0ac21393aae4293f8cc376918631c7

SHA256
f5bec4cb4e284fbc0a49ceda5f74851d3efda289e829028a8dc43bb22385e990

SHA512
f559919a94e22f30e130b15e0078efc388cbd5f0f367bde316e5d8414ab7852c3f6adde31f615a3abfbf77f414fd34ccab58eb5312c1b841c40eb2db062b6d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adea9689c57df1549beec33c7ed1dc5b

SHA1
7126e506befd27d4b046be0cb862210c1d4b90bc

SHA256
b0052877980c24b921d5d41f2ccb0a946a9278fa243d2884214619d7e48b8a42

SHA512
728ca5862d79a8abe33d4fa6bec563b2fa44f1d45b1b5f57afb7275cdf90b875babee9053ec1efec88d22cdcaf150785baa7bd4a9aa51c2fccbecb7a9f669999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
054b5b68385e5d366db42549e8c19765

SHA1
95aaef8d5b8fec6ace76cedf180a496e4fd552e9

SHA256
5fb83eb5102ce17403c5df9268b1bb07d4ffab8c0126387f95605c3318d876fb

SHA512
65118c1c0707a1c33d81479829ee23777d15fd3ec80338c9a59d78f3a15f4529e708270fd42c5fc3be89f7f4203cfb2ef46d21103bf2330e0120f3d1442ae9a3

Download Submit