1e664451e95adc7e4df8fd1975f5aa184cf39d8ce6fbc2a203fa376e2b72d915

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 19:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9bc0d89301196c88eb84cc693d78290c_JaffaCakes118.html
Size

130KB
MD5

9bc0d89301196c88eb84cc693d78290c
SHA1

00c46862f7fc8d24d880dd5452b860898cb066d7
SHA256

1e664451e95adc7e4df8fd1975f5aa184cf39d8ce6fbc2a203fa376e2b72d915
SHA512

6452ae9b8766d00e232a78fb2676934d96b935c1d296c9297ee7d38227921dd870c232bb49366b3cf7bcc6063b58494c1c323d74e925e699505ea8bc5568bf72
SSDEEP

1536:SKrvjPoSjx3OME8DIyLi+rffMxqNisaQx4V5roEIfGJZN8qbV76EX1UP09weXA3p:SKHd+yfkMY+BES09JXAnyrZalI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3716	msedge.exe
3716	msedge.exe
1740	msedge.exe
1740	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe
4460	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe
1740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 3760	1740	msedge.exe	81
PID 1740 wrote to memory of 3760	1740	msedge.exe	81
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 1348	1740	msedge.exe	82
PID 1740 wrote to memory of 3716	1740	msedge.exe	83
PID 1740 wrote to memory of 3716	1740	msedge.exe	83
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84
PID 1740 wrote to memory of 1752	1740	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9bc0d89301196c88eb84cc693d78290c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffddd8146f8,0x7ffddd814708,0x7ffddd814718
  2⤵
  PID:3760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,11683959400897803209,4309183043594889527,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
9bb95e59d60a1bda0f98df4f4aedbdc1

SHA1
fbb99da7b1f87900812859736828eb45ff82e1dd

SHA256
6de178f1359b29eac4517183171b5182b556c7609b34e1fbbc5f45dfb3b7834b

SHA512
e17c43cb42d987edde4436cdb2c7ba10ca7cadd292b84779f7e51fbd4c66e7522930f86f10c3d25f0d0aefa34b9afeb547a5be87952e0a5ac8ea58c414fd9d62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
256B

MD5
6c5bf90cbdfb6fdf7bc98e436b82555f

SHA1
a7c991c7f1846deae5e5dfbaa06fbc655c0593f5

SHA256
81794077b853f615a3dc2e4fd96afcd7d71fd7fac9dbe09d5d1bf0e225a15322

SHA512
fd9f53d0d95851d2ac4053acd99147ead512511bbbdd760e7a9de3436ff28695e46f5ec884f925598fa1523c558f6da87af15a93ae2390072b03d101905539a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1bc9873391c7ec29b78c05df2d42e22c

SHA1
c5d184987590098cbf267ea6f18e9e0a2d63789b

SHA256
58add91c8dfaf66b908a17ad8914b48777783f25aec13b9620ac6549d90fe81a

SHA512
4258deab750bbb77680ffa7c462bc3111f6de4c1e0110856748bfcc117e0498fbe88b2ff5c5df78f529aa31c952d8d40e2b57e5937f08e522c777d462c7eea20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
648facec9d0337adb6d6bff55e90df36

SHA1
c3f5e66d5ee9ab8990e24dfb67c2fe003d4db355

SHA256
48cc30f99d77f7f8e8c1531b16338708caa275859e56c1da7b215b1462b3c74e

SHA512
b69c98ea98c76ba8f1e3f505a4373a9908357cf881cd20ecb2659e712e0ad7a4ad2c59644327ed83b805cb6ef173f97e6544429eb4ff421f55a2be1fd9485517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
792d436549dfa3e48312b74424610ab8

SHA1
fa7424ee1adda063728bc57bf80d97c36e19a7f8

SHA256
341b846e8bcbfe20f5a156f6b07c108393ce15af05ed6259273754097c2a7ab1

SHA512
f56a8b47bd1e8a6de1fc42e5c41cec43fcaf92c505b6086d9c48b68f24a8f5870469af4aaf1777f5b85f970d0a59358443c6ecc845260a4f9ef53a051c304b1b

Download Submit