089c9b0ff157c46b9ff201163b7ecb14ecd5004df173fe9cf85a5e214eeefc52

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
05/06/2024, 00:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96d4d2be38569a0908779ff9951526de_JaffaCakes118.html
Size

110KB
MD5

96d4d2be38569a0908779ff9951526de
SHA1

a66ae1330f537d49000b8cc194a815631caa2594
SHA256

089c9b0ff157c46b9ff201163b7ecb14ecd5004df173fe9cf85a5e214eeefc52
SHA512

c822ff8e3f66855fcac01b24171a9b75fba49af4f171d229b0ecf0ac6d5095cd6e2e0e461e4fee5924fe67058b96899145ed9355f12ac80c0968f594f54ae79d
SSDEEP

1536:9AeErygNOIlgvrHFE2+pWA2nwWgcA0yxy4qv5JRR5NHNEN1Y0gThPXNymPhtW:K1ryU26pd2V1BRf0gThFLPhtW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2260	msedge.exe
2260	msedge.exe
1564	msedge.exe
1564	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe
1492	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe
1564	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 4268	1564	msedge.exe	82
PID 1564 wrote to memory of 4268	1564	msedge.exe	82
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 3552	1564	msedge.exe	83
PID 1564 wrote to memory of 2260	1564	msedge.exe	84
PID 1564 wrote to memory of 2260	1564	msedge.exe	84
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85
PID 1564 wrote to memory of 1128	1564	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\96d4d2be38569a0908779ff9951526de_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff0aba46f8,0x7fff0aba4708,0x7fff0aba4718
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2164 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,11491511519836271758,10676109336720523331,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4816 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
922bbf836caf57a320c4146466d94ada

SHA1
65b83124246f05eeaa2a758342f177a31463e528

SHA256
daf428ba44f20228b3a15c6c42590d83f3334dc05c469ced1cdfe972e61438d3

SHA512
a88f9891e89bce2c3b4fb787032c654b8eb2234e9538470814145d0a2aa8b91ea6250288b61e65ac4ebd4842d37ade34ac8788d7893fcd282a4784a703782e1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a498f5b425316bd69ce9144058884492

SHA1
a427e454cbcb976a45160cc200c648a3e80bc6b3

SHA256
dbb80893e03ce665deb61f5b4d8e9f45dbc6652e23c42d5695d72d4e63ee9bc9

SHA512
ae7efb75d8ac60e9e58d68cec0f91f93f32ce4ebe7705b236ba08d069f28a5cf16b269392a9333f0fb7a865903905cf120f21ed2c809acb19b33906087f6cdfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
61db60626be40ac08adce9170c15570c

SHA1
747de44757b869802a9654ea9459369e491f879d

SHA256
86fc300515c032b7d8e1e7993946974c4ae926583a5330f7baa491224283cd8b

SHA512
8647fd4ffb8f34e4c63c1d9d704d22b2f3cbc52eb379f2db5aba1b18cb322bd285ec9ee5de22e2d68a121afbd8b76c19c58f36a1908546df675cf45b13c2314e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1b9bd9b2eb94f701cd33e5a4401a56b6

SHA1
f6c0993beb87b1ccdf8b1843788f0fb8c92a2c8e

SHA256
977f7c857fd54d473c73ab09c974d4cde8f93398568045d8cfab84d7e652dbd2

SHA512
11a5e355fcfdcb2e6d683aedd2edc82dba5b0d8fd16ba11c548ecf7e31997b10f98c9ab1e46e9e6890af0222df58030977d3b03b6bef1f7be14f2b963e676cf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a7f32234c5c7b285432cf49d5e0719a6

SHA1
d0b3b8660bd55612d8ad5943bbe23425ed107a80

SHA256
6ea8df5845fb65f568ca0fe994ce0964d34bacba677d27401c7f5b6d016901a0

SHA512
b1ea07b32a1d8bb9a2ea81cd4fa17b23b6eaa3ceb0988323b5b2fd2476222e3cfeb506030a94ce4182fb6c76799e4200bac7ef4a5866bd4b121f1e3e857242aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2feb4c3105eef8ee901f8177c3ad5c1c

SHA1
cbd37b47008af474d5597d9f151d239df95ed94a

SHA256
e7643206a660293e57b67f726af366a90d61a650187bd58a5be9c1b23bea81a3

SHA512
d4c50c3a26ce2083d093f949012937988e66623a1b548abc708205030b086362e780a9bb320818cd5493b64345adf22a7ab8d5f0214c31dc63c7cdd183672c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b7146836d1d9f9e7413b142db50ef475

SHA1
21515ebc7795d289988859228129aef71b2bf4e6

SHA256
a648f11edefcd5661b06f96e2cef60035d50da7b90f5fd53e34784dc7821518a

SHA512
4b933ec4b4ddf8c1594129a05166654f842b7427e52adcc2fd838589810cbf90fc0c3539b36319f58f5013c926b7477a64417d92d490b70cbaa27583bb39300a

Download Submit