2b79c64295f6e4ac4744fdddce08278f8f47f39b4add05defe56ab0423372fa9

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 02:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

85c0d8bd02896c95368a98536e3bb0b2_JaffaCakes118.html
Size

130KB
MD5

85c0d8bd02896c95368a98536e3bb0b2
SHA1

97710981026e8c065c5781dadf62344683d37a4f
SHA256

2b79c64295f6e4ac4744fdddce08278f8f47f39b4add05defe56ab0423372fa9
SHA512

d86b1703f0055ab9e7569c52e5f3a1e773c1159d0d0ea2d01d916fbb2966541710bf8ff330ce8aa1a287b534e69fbbd0140ec9573ae8a48b3b8f184a4c570b34
SSDEEP

3072:lNddpT09dAYoa6yDs6uxavUtxzwrzVTMJK2DDw3KzMfm56Iey9lx3C7a3HdHH8k2:Pdj84gr00ZTT9f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1312	msedge.exe
1312	msedge.exe
4268	msedge.exe
4268	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe
1408	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe
4268	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 4972	4268	msedge.exe	82
PID 4268 wrote to memory of 4972	4268	msedge.exe	82
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 4632	4268	msedge.exe	83
PID 4268 wrote to memory of 1312	4268	msedge.exe	84
PID 4268 wrote to memory of 1312	4268	msedge.exe	84
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85
PID 4268 wrote to memory of 2584	4268	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\85c0d8bd02896c95368a98536e3bb0b2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe7e4646f8,0x7ffe7e464708,0x7ffe7e464718
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
  2⤵
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4272 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,84138908899075606,9789229353223035807,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2820 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4208

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
537815e7cc5c694912ac0308147852e4

SHA1
2ccdd9d9dc637db5462fe8119c0df261146c363c

SHA256
b4b69d099507d88abdeff4835e06cc6711e1c47464c963d013cef0a278e52d4f

SHA512
63969a69af057235dbdecddc483ef5ce0058673179a3580c5aa12938c9501513cdb72dd703a06fa7d4fc08d074f17528283338c795334398497c771ecbd1350a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b167567021ccb1a9fdf073fa9112ef0

SHA1
3baf293fbfaa7c1e7cdacb5f2975737f4ef69898

SHA256
26764cedf35f118b55f30b3a36e0693f9f38290a5b2b6b8b83a00e990ae18513

SHA512
726098001ef1acf1dd154a658752fa27dea32bca8fbb66395c142cb666102e71632adbad1b7e2f717071cd3e3af3867471932a71707f2ae97b989f4be468ab54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c0d67eaec937c62c26bfa80911f56a88

SHA1
b4f5867b99ea54166279f121a9734ce5fd765f4e

SHA256
9b80908f220258534c4f7beaa472218d3867c5b956dc8df60293192bbf991fd2

SHA512
2f67180b4c87b6e10abb44b14975331b163324c7468dec3a5530233f483bed4f1731934c9d7e5bc0b1641968eb596890538a8445197ad5ef13e402afba50bf75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5b839eb8d13e695d6093d9c79e507491

SHA1
78cfab7c4129649826c0947cc0fa3283370fb1cc

SHA256
a6714499eae6e7bd7ed08304d1ca4d583a3085397926ae6b584fa9dc70372218

SHA512
5e6b88a7ccb2b76013c827e7226bedf7bb7c1c3ba661b03ce6f4a592f2faeaa4a7cb677baee329380b6b5dc19df6c7e3ba80b70566aa9fda7d2b09431cb7ff42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
debb62e16f80e1cd368d0d77b21e1fc3

SHA1
2e7ff3488f691ba6976888114a4010df399d025a

SHA256
c9ed4eb4530022880d37ae679b3281a93a8954aec8fca46156a48689d1d7c601

SHA512
950a1f6ac2f03b1b80456dd7e55d2ab999946ab9c94aa21dff3bc91401f7af3baf2e9b6997408d33b9d4422d953cb7d0801cc08185bbe64e5bef39f0bac753f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
293327b8e38769f439d808a41b42a8cf

SHA1
eb62ef5b8d72c20c086cf784fd2843604ea6899c

SHA256
1bc90a1a5ec721bc135d952f9debd32e22043686f4fbb8349448eb975b151ce0

SHA512
bc30a3e94d570026690bb22f551ea7229014645bba807d34021bec651c7c8b32ac1e7b84986a4cfabf8947dbd1a220189dbbf82349d2baaea525e9ba39b9a5a4

Download Submit