f0b60068911cb00de55b0108d6381f8f7bf0c4ecd852eabe262ec6c3b3656663

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 03:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8cc380c5f95aaf039a251d3b8d5c172d_JaffaCakes118.html
Size

231KB
MD5

8cc380c5f95aaf039a251d3b8d5c172d
SHA1

448f57b99118325f3119605be0e75b5ea1755772
SHA256

f0b60068911cb00de55b0108d6381f8f7bf0c4ecd852eabe262ec6c3b3656663
SHA512

83d5afd6f38fed38db6f72a47198ee6023ca45c67ac6301c4b97433ecd697624805de0371db2e6c1e12ebfbc2f63cd60a08ad102893bfc3d3f26883a9c77f644
SSDEEP

3072:zrUEvNz//geesR+gL9qkft5XmhymhE+mh+NFZhGPyMw8:/UEvNGhBhYhjP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1876	msedge.exe
1876	msedge.exe
4200	msedge.exe
4200	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe
4896	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4200 wrote to memory of 900	4200	msedge.exe	85
PID 4200 wrote to memory of 900	4200	msedge.exe	85
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 4460	4200	msedge.exe	86
PID 4200 wrote to memory of 1876	4200	msedge.exe	87
PID 4200 wrote to memory of 1876	4200	msedge.exe	87
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88
PID 4200 wrote to memory of 1728	4200	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8cc380c5f95aaf039a251d3b8d5c172d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff76e346f8,0x7fff76e34708,0x7fff76e34718
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4892 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11257212881122347749,13908450153584593208,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=212 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
1a59404cb3bb6dfe9c87aca528bc3d4d

SHA1
7904987a7497f1b145c049a98e908f5eb67de250

SHA256
327a4255dc20922356015f2505aae2423bc5f4666d27e72597259c971bfade7e

SHA512
7a0dc65d7d0cd1d3780ebccca61e02b8056078c8c372cb186fae5448090e99a404bf3bae5b12354d7e3c5aa7dc3504418479f0b28c360b1f184c83aac2176727

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b071fc4a3457a6314d46cd8530654f93

SHA1
f9e811126b01695777c6b8ce3e2b39492e79b00b

SHA256
e13899eeab5710902c7952bd58330bced3eef83484ed58d1a35e72f9f163a0d2

SHA512
8ed34f131817ea8a30f0b307bc80c387e031e80e6f2d669d7f8c5cdf04743f607d1e5be7f15363bb33ced30cf8a2bd9cef14816899eb30d2ad5738ebf49c6f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1626599821b4593819da385817cacb7a

SHA1
2470065f8e5a1b215b190e2f34862e8e4fdd600a

SHA256
cf043466843b97af9d30839e741d6acbec37be6f5bba9b104971d97df0fb6c62

SHA512
326dadc0f50dbe2c05b9e340a126c67e1032621c6abcf96561643f38266428e0d9bcc3070758e0d2a01baf46a97a13025f36e573d9cc26897cb289ffda740838

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1d44338ec3cbda293f21f3adee248c6

SHA1
39195f263200c562dc599f90a58711cc3793e8fe

SHA256
c6c33776f0d1bcb5a936a4d4149ffa2f06063db0c8976c32897f3ff632607ede

SHA512
e77464bf325ee084f5c572001b846f886a20551fb6860eac53f8bd6735c43ed4772cb83ed797806e3e7c3142cb3c0a1df413a7c80b6cd1680347c1bf6713b414

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7eb7291c2c5cfadf2e0ccacc13e1722b

SHA1
2185e4040ef416a266255041d54c4abb94ac7a84

SHA256
5493b5cc1f38002837771bd922d86e52ccb9dc0c6c1be5dd92f21c21d67463ff

SHA512
e6a71bc6b12e0f519b56faed3e9f4086a392b63ded4e1dd6e130b10e9d92517db8da51f8b49464f31bbd3757dd6dbe1f7f5040b9832e2b91b82056c08d3da4f9

Download Submit