43eb7901be9f8543e2c3c29f8fd30f37c2a1defbfdbbca04cbfe2dda5b3c204d

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 02:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8c92c86ba4a3e2e672ef12fe2c2a61bf_JaffaCakes118.html
Size

45KB
MD5

8c92c86ba4a3e2e672ef12fe2c2a61bf
SHA1

ba1ef499a93563fd4c0e87f1af417c61c3f94829
SHA256

43eb7901be9f8543e2c3c29f8fd30f37c2a1defbfdbbca04cbfe2dda5b3c204d
SHA512

563b233aae02bb73fde366b5fcd4b4ea79cba8f6d97a7285826b1f3e88195a6f335011500b75edbd0458d59d2806b79bda396349c859b7a9a3c08f5de537b0ce
SSDEEP

768:lCuXPIpBtgGw0ZAVVbCEdmx0FPG9oRpXOj2SCO:lZIpBti0ZAVVbCm1DXO1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1572	msedge.exe
1572	msedge.exe
1332	msedge.exe
1332	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe
2352	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe
1332	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1332 wrote to memory of 2096	1332	msedge.exe	82
PID 1332 wrote to memory of 2096	1332	msedge.exe	82
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 3032	1332	msedge.exe	83
PID 1332 wrote to memory of 1572	1332	msedge.exe	84
PID 1332 wrote to memory of 1572	1332	msedge.exe	84
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85
PID 1332 wrote to memory of 5108	1332	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8c92c86ba4a3e2e672ef12fe2c2a61bf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7fff0aba46f8,0x7fff0aba4708,0x7fff0aba4718
  2⤵
  PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
  2⤵
  PID:3032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,14608629838375662917,9232044297309397800,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2932 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eec2e199228deff3b35ac035edc7e16f

SHA1
28a6134c3def0065a4b18d060e6f628e5cb84786

SHA256
ff39e5768ff4c5e443cc8774a48adfadfbbd887197c7b1602ed7ce5bc13c78e8

SHA512
4c99cd40146769525b06ad9eefb71976dee335d634f0f1a6b02add561b32445efd88b354ffb2483ad6a96328b4a05d555b46c5d60ef66d60aea5154e634f2e9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
8e3fe6f941918b85f26b0a9c0ffe5e7d

SHA1
9a42601bf8ddf7b12c3f220a2057888e39a80bb3

SHA256
e957d60c70860c82226d457983cc65890cb9385c4ad842519c70861808994ab2

SHA512
0a574ba7cf300c73640df31fa316bd8583e6ee8b419f28fb1366b97e30cb934ae93359158add5800d6ba24ae69b9df1d4ad86298bf16c89ce939bc3d91e0466a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9d38aa088efef9f884da25ed086346c

SHA1
f115ed5c747ff422ec78f53d0df95c95db86ab61

SHA256
930a98fcb69ed50d492121babd10e7eb3d06fc60a33c1ec9c4ad6a87f5aeb424

SHA512
24e618f822fa729fa336b4dcc23d9869cca56a7497fe7c61f89bb9cc19e38218cf84b4b6083c4dd26d3323453f62eadcb1a1aa788755ffb37edeec9914d83091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2d9a7613347793edb7af2daa6c9ddf1

SHA1
186a917f1cde046a554422c9638736be46ce9dd2

SHA256
73b74dc89238395d1f51c0b4d2386501278a11b65b5f49b02702a42c726896c0

SHA512
32d41f0c1200334024dc0f5acc720217fdf1aeb9fa636996d6e23e534d147187f49e6625b7c90b9bb54826c44d5745a8b863205399a2425be26279fc06a40350

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a76df985779c7e16674b7adbac76b67b

SHA1
6705bbcd7eb72abedf99c48ad4e05c5b1e7a5736

SHA256
e44a0c22a06b188303681ef31e4690b507bbdfa6aaed593d8d25d8bd0db337de

SHA512
a14770c316d317218300154ee46b032849a0e40e7971077fc89271fb188b55bd5823158bb56d730d11ccba3321e9b1442022d83c98df6d93cb33dd49e7a9d20f

Download Submit