52c69fcaf7106ea3a5efcee5893eb5bb755a591a9cbc4b8fcc6c5bb3a575f30d

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a2d0b68be8bafb7f72bcb74d9f6de28_JaffaCakes118.html
Size

61KB
MD5

8a2d0b68be8bafb7f72bcb74d9f6de28
SHA1

8bb144a147f7fc4b644508f10f7f48f2f5e98fa0
SHA256

52c69fcaf7106ea3a5efcee5893eb5bb755a591a9cbc4b8fcc6c5bb3a575f30d
SHA512

16fb21d55233d0a206a22b8bd719d081059a0598bc537788fd8f3abff3071a1ff4961d4b6458834ee2a3bd8beeea52847bc5daea79f62891072db8f6f311e720
SSDEEP

1536:4+ewlpskEw3I5KWvfyfioM489D8fSHXG8dXiDqexTTK3uz7rAGnaDJwMPp:Wwlpsk33I5KW/oM4yD8fSHXG2XiDLTKf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3324	msedge.exe
3324	msedge.exe
4844	msedge.exe
4844	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 220	4844	msedge.exe	83
PID 4844 wrote to memory of 220	4844	msedge.exe	83
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3940	4844	msedge.exe	84
PID 4844 wrote to memory of 3324	4844	msedge.exe	85
PID 4844 wrote to memory of 3324	4844	msedge.exe	85
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86
PID 4844 wrote to memory of 3500	4844	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8a2d0b68be8bafb7f72bcb74d9f6de28_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe0,0xe4,0xd8,0xdc,0x108,0x7ffc19cc46f8,0x7ffc19cc4708,0x7ffc19cc4718
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16498030483140613036,15836689948405388721,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16498030483140613036,15836689948405388721,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16498030483140613036,15836689948405388721,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16498030483140613036,15836689948405388721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16498030483140613036,15836689948405388721,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16498030483140613036,15836689948405388721,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4520

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
564B

MD5
03d267d658756cfe557c3c3bb6b44697

SHA1
b02f5842d9f51f9236f9dda4123f6599c317e1e7

SHA256
0c077a34322f60dfc0e67d82afb939dcf020a40bdcb5e3f33aecf4ca3f5d0b73

SHA512
a7b87bfbcdee73de265ee78663228cdecfd90f08d63e6c306caa5b8c1dd9bbeedf3a0915dcad2501cb61e564a4a74b88acaf83790a9b43caef8b53bdd1aa5687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
86bc4acb5bfafd87272921c240f01ee8

SHA1
2c9cf2b713f166f82d62b81787090a3963ae7b01

SHA256
1776934cd21714218b60fa496fc7c0bb1d57cb1928de474617ddedbf2354d387

SHA512
dd7fc2c921b7f6ef044aa461dbd111d385318cf56688ba0d6b78af61a11600f36cceff05862c8b3b6361b378c641de3e298a030ebe5b10af99b537ef9d262adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6954e189556581ac6189a429479ec61e

SHA1
4087f44a4017f7d63d86667913f96154ec409a54

SHA256
a968b5d394067b8028b664a803f18f9bda2647c68f45d37ca5a790d668d9673d

SHA512
2d542fd36545e1f52d661071c91694397288a4def4ece26f7f863bb6afe26f383d952fbbe1e3c1586cce2e8077216dbbae841ca6b9fdb0f213973a5977dfdb3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0e45ea6755b4291a492d6b7cf0f732b5

SHA1
6210f792522e85f8ef87db9ce28ea32141d80f26

SHA256
52e9f8cad624bd4f4ba1caa25908ceef9f62f0ac2552349a89ca27d3c8e25fc2

SHA512
18a7f83bd40cc69f66e95f940d06a10fe760aa686d4d9e6867e9017eb881f0216e96bb44d976be6d4a784049e3d140b818963c538e8bc2f8d7a81e88b8d04f96

Download Submit