2706efa7093b140905b36e7043a076a6b32e682a2f44e07e18ad1e2c42cdcf52

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31/05/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86d7e75a454f5ba69e8841313298776a_JaffaCakes118.html
Size

19KB
MD5

86d7e75a454f5ba69e8841313298776a
SHA1

b89ae9e90e5e7473dd9836c4349fece2ec3c068b
SHA256

2706efa7093b140905b36e7043a076a6b32e682a2f44e07e18ad1e2c42cdcf52
SHA512

6724eda9c597cdb22ba92aad1dc0a8b8e80fd5bc84f5df61cfecad083c08040c3218a39ca3b03b2e3b0b8fb44c8d4c0603ba856ea0d5a6c31e5fad213dc13af5
SSDEEP

384:ziXKhgESPVBD8ciQ3ROfOXPemLxXucfIk9xhexzVc9En:zi0SPgcl3kfOmmQOIk9epqEn

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2748	msedge.exe
2748	msedge.exe
2120	msedge.exe
2120	msedge.exe
3376	identity_helper.exe
3376	identity_helper.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe
1560	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe
2120	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 4512	2120	msedge.exe	85
PID 2120 wrote to memory of 4512	2120	msedge.exe	85
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 3668	2120	msedge.exe	86
PID 2120 wrote to memory of 2748	2120	msedge.exe	87
PID 2120 wrote to memory of 2748	2120	msedge.exe	87
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88
PID 2120 wrote to memory of 892	2120	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\86d7e75a454f5ba69e8841313298776a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9aa2a46f8,0x7ff9aa2a4708,0x7ff9aa2a4718
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:5288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,17172334193496328422,9583964119080501541,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
9afeacc2845d57cc13bf23b9ab8c1764

SHA1
61e428acd6612ad5eaed31a679020b1e0eb05a3d

SHA256
d78c8590398edefd1821e38d5cd44214fcd2b40f71e19d113d25ce60ef35faa2

SHA512
79a3ce2ceac8277db192a9b3b41022330d9546d07599fab7981926e514afbb441bb76e301ec4761e67da3ef85cb4b1c57edd9713bf5c19597be6413c59e33771

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
410B

MD5
4c8a9ede3e4c82e25bfd450802c032cf

SHA1
983551fdfb101b6915aba20d930eeb87f32c4f73

SHA256
8b47d73adb8c5d0e4d70873cba8049010bec3612cf1a8f8e2cee12b5e09b4812

SHA512
c3adf3892a969e6ad197772b5d07b55b581e6a7498a6b354e58313fa5d3c7dd3e93ac00bab483ed87e40b840f402f4f08f06443efe80f5712c9846e3579facc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
969c1c440d420b753b987b470a6b0e9a

SHA1
c0c23cd7cd1b705ca6a3caa003d287d215c9c6c7

SHA256
0667ed3488d1d1ccde577b85776fdb79a17d83eff1d816e0697c6532ce462fa7

SHA512
5e424386929243c5547a36631f9076c741502b202fbab39aedca301bdf283d0ce64629561619fc0ab17551acc34f7d60b3f2696ba2d29cec36f7f3eca763b82e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
35fcf6e1aef362ed427eb97e2387b0a6

SHA1
7e31632b368b2816bdec33447fad77ff23b1706e

SHA256
4451cacc400f5e290a060979756e44cfef2ccab4532e20a67f4a97e2499595a6

SHA512
c90da628443660d23149abe19be21de9f1fae1673b7c2474e802c763e229ba3ff292a074a37d33863218c3138ba4dd53dff7a727771f2cbcd356ae65ba714650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bfae33400f1f414f4090877d5413afc4

SHA1
8fc7126bbaeeb1406fb486abcc0a67ba56adfaab

SHA256
fbc5b1b2d0d54df3e095d54b06b42d5971c64d8d9f18e81b272ff6227357f61c

SHA512
932bc86cffb2797af41e169e4535033cf691f7f78a782384eb235af5293c959248a057cb2a778a238833c0f24317846e3d4fffd031f0e6abc018c067c9869018

Download Submit