618aba7992e84fcedf2beb566e04d39328071fbe75d9a60a514cdb4e0b759a87

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f31d7156d64da116de1de3501ba9dd0_JaffaCakes118.html
Size

155KB
MD5

8f31d7156d64da116de1de3501ba9dd0
SHA1

e03b019153e18e1de2b0e7bb4dede6c1514b2b37
SHA256

618aba7992e84fcedf2beb566e04d39328071fbe75d9a60a514cdb4e0b759a87
SHA512

364549d99df01ed4ae3a5874ec2e363d873c7646a5b8816d89afabce5ba8b92f07ba4eed7b975160659cf37c41b88dad9a06905f1ef3d030ee653875d0320788
SSDEEP

3072:SdmhjO+t09jDwP+bSeXNmRUSBuHszcATpcrlqNpugNc7fxdj:Sd/9jDwP+bSeXNmRUSBuHszcATpcrlqE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3740	msedge.exe
3740	msedge.exe
4560	msedge.exe
4560	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe
5108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe
4560	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 2548	4560	msedge.exe	82
PID 4560 wrote to memory of 2548	4560	msedge.exe	82
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 4816	4560	msedge.exe	83
PID 4560 wrote to memory of 3740	4560	msedge.exe	84
PID 4560 wrote to memory of 3740	4560	msedge.exe	84
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85
PID 4560 wrote to memory of 4664	4560	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\8f31d7156d64da116de1de3501ba9dd0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb533746f8,0x7ffb53374708,0x7ffb53374718
  2⤵
  PID:2548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,17986467857082692747,11461527763864906353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
72b928919c435afcd04956c7dd223295

SHA1
70dc3e01417061ba624cbf75fcc4410a1932e339

SHA256
78992d9ce0925f9e971414efc3bd45c33001c7e2d7f5651ecacd31ea29236430

SHA512
7dd7d65539e917623285a5b89340271c0eeda9a921c270ecf56d84eed93ac2b7e42bf7815228a03c9f26dbe32c2f79dd334a32153d0d173efa4147fe7c25226c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d18aaa51cc4bc87cd772a1bdf91aa231

SHA1
c3e591c529a5c71e8c6aea8f74c84db6944dff54

SHA256
fd7b13e6291394e6b45a7c03c3205eeeb9f78edc82d6a9ab2b7d8b6747bf0feb

SHA512
0a90a6493a5d396db815bebe6202f1db6676cefaaa2826177a4c9236691d57510e5c3b216a4995e54b5bfd82af0ded027a056955c2ba78960a4ff5749b3292a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
344f72b54fa414b58516e0da0a02f993

SHA1
99790edc12b2c9a326d0ca146e7f53a8a63e451d

SHA256
7842cf40bad34ef9ff5fae1f86ec6992454da20556125069e113a9547d41d268

SHA512
4e8182d558d8a68741fac7fdadb2a82188ba00bcb37fbe3a887942cd95b9445b8cc5f95e63033bbee5c8971adb11c835775625e54b7553066e991123f1d0686f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccbb49a79e50d79ab76aa6ed471980bd

SHA1
62a661648c153b08d3b0c40eed9deaa535519760

SHA256
688b1d61e92a38704175a6f4dad17b7c8356cf84a16fc7fea2a6fd3064f2f711

SHA512
0e86ceff11dec90c6e77763befc3042bbb9a53b0843448b3ccd4569c789e9565eab39aff1a8c67dec31d0dd07316d4db4960e594119f30356f6545c6e0087c14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
397a9ee3a1bf50365006fb09314a6f9d

SHA1
f4faf08dd319a4376ec4d3818e03edb4726d2784

SHA256
1e6c3390c09196914a0385422effe77bbd29fa024630e03b31292a863e93f665

SHA512
b77c2690e5a494f5c759a97a393ef90399e8773f72f2e8cf6060300833c0c2f7eed9f008f088fc36d4e5347f85d6a0d6f124395710765722c696ad3fce6a8a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
531888d66676148ce9d2bf99cd8ce5c3

SHA1
d8735057af37d759b2f58b0a3a13a050863551ad

SHA256
b28686aacad301faf4247da5e6a3bd4e18ddd3b081860622c51c6a8e06a63e13

SHA512
5fe544ba4f3ea90aeec61771d01346b0a823bbcc6593f845dce40f7d4aeadb8fdfe6641bd02de1ff52afdee9fa5ac410af1a74947f7b8e9851127f0ea72bf34e

Download Submit