4988d586470f5d49507246ec2290b61ef8ab6cc28cf238831ed23f6b79e7bed6

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 13:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e2fa3c3d012caecc39f5d5889cbbe59_JaffaCakes118.html
Size

60KB
MD5

8e2fa3c3d012caecc39f5d5889cbbe59
SHA1

a4bbabcdc5e9aa25368608ccc630ad16209d0b3a
SHA256

4988d586470f5d49507246ec2290b61ef8ab6cc28cf238831ed23f6b79e7bed6
SHA512

493cb450265c4ef7273445a9a34019a41ebd85d1690505f172780e031987e3ed9d9c5b52c3cd6e4b9f32bed3c64205b9cb68c0648c60c6505ee2b6dd65cd1fab
SSDEEP

1536:b/CNpW/TXrQON3/dl4TSjG6Efty0O1lK1GA/hSPX3vRd9yK765sOy4RKK4fEERmq:+bW/TXrQON3/dl4WE1y0O14SPX3vRd9z

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3964	msedge.exe
3964	msedge.exe
1616	msedge.exe
1616	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe
4172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 5112	1616	msedge.exe	83
PID 1616 wrote to memory of 5112	1616	msedge.exe	83
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 4652	1616	msedge.exe	84
PID 1616 wrote to memory of 3964	1616	msedge.exe	85
PID 1616 wrote to memory of 3964	1616	msedge.exe	85
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86
PID 1616 wrote to memory of 4168	1616	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8e2fa3c3d012caecc39f5d5889cbbe59_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcce9946f8,0x7ffcce994708,0x7ffcce994718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7996054167704090334,922722943607126778,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,7996054167704090334,922722943607126778,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,7996054167704090334,922722943607126778,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7996054167704090334,922722943607126778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,7996054167704090334,922722943607126778,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,7996054167704090334,922722943607126778,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4864 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4b4f91fa1b362ba5341ecb2836438dea

SHA1
9561f5aabed742404d455da735259a2c6781fa07

SHA256
d824b742eace197ddc8b6ed5d918f390fde4b0fbf0e371b8e1f2ed40a3b6455c

SHA512
fef22217dcdd8000bc193e25129699d4b8f7a103ca4fe1613baf73ccf67090d9fbae27eb93e4bb8747455853a0a4326f2d0c38df41c8d42351cdcd4132418dac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaa3db555ab5bc0cb364826204aad3f0

SHA1
a4cdfaac8de49e6e6e88b335cfeaa7c9e3c563ca

SHA256
ef7baeb1b2ab05ff3c5fbb76c2759db49294654548706c7c8e87f0cde855b86b

SHA512
e13981da51b52c15261ecabb98af32f9b920651b46b10ce0cc823c5878b22eb1420258c80deef204070d1e0bdd3a64d875ac2522e3713a3cf11657aa55aeccd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
368B

MD5
874cfc7a07cd56b2d8d7db796fe4c5eb

SHA1
a3d6eb36be2d4dcbb3362f713ec2e615a9eee421

SHA256
279143c264bcde561477c57c2f70b86cd1368b7995735ddbf600c40a8240acb3

SHA512
0b92911b994eec66e0b37cf909ca8542da769a8af43b86d5df31909b86b4dd0727afb3fbe1eb104658f7570d1daa8b7acea013fdda8291e35d38af9aa1f713b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7fad5fbeb91daad269efd6722f83decd

SHA1
f1afe26bc4e378aedb994f8d599dc64603b8e1fe

SHA256
d75dca388a1220092a12a2c00f3d135795e60c8bad8f7a5cafc71c21cfbcdae4

SHA512
3b8e248ac4424381f6e3f627138e53fdc85a30b743505cd946e24335e7df729724bd718eba8b7ff8e8ae6ecfb848cfdd76ba7c0bdb28678e054c52c196220c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68126bd79b9e15a1de5bf546eea9403d

SHA1
1cf63ae8d4453933eaef9b9abca38993c5213b66

SHA256
9ba63ecb411e13e61f59851b63466219067c4a19f7d0e354a405033cca3fe5ee

SHA512
b0ea417d0d6cb6701f79c466a0e74d72933e90b6294e16999515e003ece46b348e91d654da2ee8031cd10d2b53f9b668a6b93b3fd55f11c61f16f02573e593a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
15d18989aeeb1677c4683b298d96a7b6

SHA1
60daee56564b5515e3aa5889c58fdfbbab3505a0

SHA256
244c08a2fa0f3c7053f8d0280bcbfa8fef82e071071f5fbe39d03d9e7c8ce726

SHA512
11663a832a6d785034d2916167e370988dbbd693c7fc1640f041ce319fe1d0cc2886ccdb0cfdc04d563cabbe7a150c94534cfc2f65d55b9c703b9c2ed4f39355

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
386aa8f5b1a2c121ca44d2022fc8334e

SHA1
ee2954c8b2b5b2dab6e14d79113feef3232a4b97

SHA256
c834908da636bac407718925ec83af4f22fe85c20f4933eabb39875fd074a4ad

SHA512
15e41a4033e604fd6d9d9e2c20ef9dd156505d2def3d9665d6681c9bf37b2b1bb19194547734280484112e3abbea2660a900b38b39474c0b3c7dee54617a5ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
253d8d1c509b5ffc4b75c64833297f3d

SHA1
ad485b4f11e202dbb820fd2b506bbd216d0adef9

SHA256
8480ce0b672f0714b2b0f21fcb15cb35e43b4c48563a3a8823105b8bb1944b42

SHA512
6e6d5fcef3ba998b6c8cb2039bf5f37a91a3369661918c8d3ef7a01e4af9065d272f8f400151fca56c44cb90bae08239febc70c2c637a1fc13f78adc1045d959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e5ad.TMP

Filesize
204B

MD5
869d17afb566865179076a414ca8790d

SHA1
25709a0eab87fe6159d06a847f1004fc42090a7c

SHA256
b65c9178fdbb25f6640cf623c569d5765cb4f7eb1170885823e590268abe89a1

SHA512
6fdc06673addf3fe9992fa5948a0b274da2f4df2118780e8c9e165c01482bd4e0bcedcf7897c578248a9a4df683370db229f0ad5af9611102a4f25c6cc2bc0e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
58a7858ec65277ce6a0e913f24b4d042

SHA1
9a7af4575aa06a63863a2e4e04caf09b25aa83a0

SHA256
d919bc9921edb8686aa9ebfa80bd78306a453926f81e0ce1612334a6ca459575

SHA512
74a12a470d0ab539a593cbbfec9081bd5e9a84e931325109cf8075090e3159d8574b32b7e004f4cdc52983d709286f814d6c92133d3102d0e753c62667849cdf

Download Submit