0580afee07a4127c49f5f70b4a81576accdfe651dc7bd0ab52e6f3ecf76c2272

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 10:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8dc03c6ea83d5d2b2d770ea13d9e5caa_JaffaCakes118.html
Size

19KB
MD5

8dc03c6ea83d5d2b2d770ea13d9e5caa
SHA1

9605ea62a34e88a849beb91fdde21d8b09d730de
SHA256

0580afee07a4127c49f5f70b4a81576accdfe651dc7bd0ab52e6f3ecf76c2272
SHA512

8b27d490f69bd5b0997be924a2326693c97e5de1ff2c13407b8483a3eb4519321f14ddf29145f6f6806b66070b6c258fd8af00d0c598382cdb152f0de1466aee
SSDEEP

384:1LssSlMfkniIl9KiSBjFOM8GLQGjVF2SQwxGdlloNTzIUWd:1LG3niIl9KiSfvx/2S6IY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2236	msedge.exe
2236	msedge.exe
4780	identity_helper.exe
4780	identity_helper.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe
4600	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe
2236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2236 wrote to memory of 2324	2236	msedge.exe	82
PID 2236 wrote to memory of 2324	2236	msedge.exe	82
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 432	2236	msedge.exe	83
PID 2236 wrote to memory of 2912	2236	msedge.exe	84
PID 2236 wrote to memory of 2912	2236	msedge.exe	84
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85
PID 2236 wrote to memory of 1776	2236	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8dc03c6ea83d5d2b2d770ea13d9e5caa_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcda8746f8,0x7ffcda874708,0x7ffcda874718
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4592 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3728 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5054963184514041056,14252434172224755820,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1264 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
469B

MD5
ab1b4b69f7a852ceefd13327df8eacbc

SHA1
c65c40e3ad34f74695db07e2516c00f960958f29

SHA256
1d07fa0db6c6ae837530feb3ac4d84e95542622512b5f02bf88b751773fbb1e2

SHA512
50e2739464eb3ef8a92f5d0fa8d785d1d9b1a09b11b9a351461bed1c94932355959949b2a88f2b710d14cba5a18644f2413ab142fd92debf6a93771e89355274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a3eaa3a441b7896a9383ba5f7c4e7052

SHA1
c511a673e80ff0a29559f8eeabe175d0ccdca660

SHA256
c3d2d1e7de8715d2fcca43b4bf62339256c0fdefcf32380137c564f0e84d6d54

SHA512
9a0c70cacf7966ad9791634927d213eb0ae1b19d7355ffac7f199265d5436f16872506cb0d94afff78240a4cad420ef848a8feaa02b94d95457b995a64487f1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b1ae293eb4a38f0d6f5ecd752a1b7785

SHA1
a9148b37046cbffe491ec6154109dde91edccf04

SHA256
545d8c31c022af3a6687db2b6924c3b9398912488c5d8257cfeefbec3456b973

SHA512
eec0de0ac9d968a4baf2f046fc43c9caf4dc2175805aea4b17a5c86ca1535ac1ab87f8fd6ab860f9f757a39b84b3511f6f6471160f0d2ce1a3f9d001c6140772

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ead3971c8b4583bf7cb18663d8491182

SHA1
0aba84cd9a4bd7ceebd6508b02c0f9edd9f762f3

SHA256
043c262f97cb6e17e975d5fc1a35f23eb31ce7bf5dad5fc10e8405f95da59fca

SHA512
4d34a6e3b9ac364353b5d1c225fa089cea4e89032357b60ef0d6237c5cd5f5820c1c2e811247596504d0a7d351f378dccb14c2787a8fff13a182ab507a46eb8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
54accdf5aeecb1165b05aad65e4058b3

SHA1
5192b1ddc00401b9ef86db12a1754b98a4e6b015

SHA256
b92887ba2ad200d1114b7db6b06bb23379f557829ddae377194d852a148954b3

SHA512
ba436013e860b398a5911a2b969d52c72e4e62c6ac5d4719c518165f23f1d8b6770fb7f94f9e4e6806711f3ccfc3a0ccb3f3f2ead2d1bf64dcc1851872995bcf

Download Submit