b0a58bc9e2c232cf04951ef99b78d8269f682f6f18eb5303406762daa369d017

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
02-06-2024 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eccaf84aa6eb3727fd989874d00625a_JaffaCakes118.html
Size

19KB
MD5

8eccaf84aa6eb3727fd989874d00625a
SHA1

20f36b9b61b800c2be32e29e9a87382fb1a96602
SHA256

b0a58bc9e2c232cf04951ef99b78d8269f682f6f18eb5303406762daa369d017
SHA512

b846f3a6f1edda36d4ab70faf3d462b4ddd63084d7502f23bf0b379960ae0e582c2e949c57d91a440957c8b23eddd531e67cbcaa724d62739a60a6a290e18e86
SSDEEP

192:SIM3t0I5fo9cKivXQWxZxdkVSoAIw4IzUnjBh0u82qDB8:SIMd0I5nvHhsv0dxDB8

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4384	msedge.exe
4384	msedge.exe
3476	msedge.exe
3476	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe
2444	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe
3476	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3476 wrote to memory of 4964	3476	msedge.exe	84
PID 3476 wrote to memory of 4964	3476	msedge.exe	84
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 3816	3476	msedge.exe	85
PID 3476 wrote to memory of 4384	3476	msedge.exe	86
PID 3476 wrote to memory of 4384	3476	msedge.exe	86
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87
PID 3476 wrote to memory of 1940	3476	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8eccaf84aa6eb3727fd989874d00625a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc114846f8,0x7ffc11484708,0x7ffc11484718
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11444264478302429784,10487813913439145385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11444264478302429784,10487813913439145385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,11444264478302429784,10487813913439145385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2524 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11444264478302429784,10487813913439145385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,11444264478302429784,10487813913439145385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11444264478302429784,10487813913439145385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c1c8ecae58820e61bdb139b17de802e8

SHA1
aabe8e88c7428d0f90a403d97a739a49bd1ba8e0

SHA256
0cd9191208283e829961a1f62aa6d75a0ff4dab9b5e98d760f1997d71704f172

SHA512
21444133a2e922d41aac025e79f22923571acad4ae2237d714d98b73639b2760353e65b185c0824a5cc6c09fc791903c0ced0a7e318e4dc124f2da2e6235e6de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6f64055622bf18312f5f989235a255bb

SHA1
550cef93108a0ca65efadcb9d08dc226cf349a6e

SHA256
06870ddde47f7d60c926fe53ad0f4ab4b8548ea72b900926e4bd5efcd3bed7c8

SHA512
8cb4649a4eaedd72e9c80c5f8bf3698da1283255af699c7c1c8f2c651cc5bb8fa5c057a1b8887ab566412b142f924fc5b7f1443bc3a18785ecf0b9047d75fafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
65ea783e2e2ea064cde640c1dde1259e

SHA1
9fde5c592300c1c8dafe96be327f4a9c76a0bcf9

SHA256
a14bbb850a75381914f5bf9f87ac1bf78053ef6f4e78a7b972bf09e4ac33c85f

SHA512
6bae220a31275514e48fa1fd147d4f8a95171837934a3c7c892500bf73c5a3a93b7509db48d3aecda468c331fa047c980eef6d554a6088fe920279f0599ea765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
51053317475652c58b64f4bcbccc8fc3

SHA1
e9dd8b92dace62b5a888b4feb7e4e03021112f4d

SHA256
122c35115452b38b5f6fce2458c8bf4703a39e8bcad8af4b7aff5f8b53c6b656

SHA512
d8205ce0f230344a91f9742da99e7631668f294e00d55eeeab941a50d3c4bc776977c102cfffaf47f129286fb42e625d32cc312f0698c291510700b9629d25ec

Download Submit