0d63749640d3d591db4ce900f1c34546d934f5d056d5ae7577d63e3b787a83d0

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 07:09

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9fd9e0cc1fe96d006f0b69af9f3a37ac_JaffaCakes118.html
Size

70KB
MD5

9fd9e0cc1fe96d006f0b69af9f3a37ac
SHA1

630657204c37ca484bc105cc89ed193d8db157c4
SHA256

0d63749640d3d591db4ce900f1c34546d934f5d056d5ae7577d63e3b787a83d0
SHA512

7cdfd0932d319554d6eb3bf8dca3bf74a9834fcef9f1a013683e7f86e3cd1dd58f5bb59852089b86e8c3a469cb087e0ec96af8b72a8e6499d24e8dd4da53f9ba
SSDEEP

768:JiZgcMWR3sI2PDDnd0g6cYbhhfoT2e1wCZkoTyMdtbBnfBgN8/lboiGhcRfQFVGQ:JfYNhATTNen0tbrga90hc+NnhVJ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3808	msedge.exe
3808	msedge.exe
4392	msedge.exe
4392	msedge.exe
316	identity_helper.exe
316	identity_helper.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe
2224	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 3748	4392	msedge.exe	79
PID 4392 wrote to memory of 3748	4392	msedge.exe	79
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 2008	4392	msedge.exe	81
PID 4392 wrote to memory of 3808	4392	msedge.exe	82
PID 4392 wrote to memory of 3808	4392	msedge.exe	82
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83
PID 4392 wrote to memory of 3616	4392	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\9fd9e0cc1fe96d006f0b69af9f3a37ac_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdcbf346f8,0x7ffdcbf34708,0x7ffdcbf34718
  2⤵
  PID:3748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2952 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2900 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:3612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,2701191550355080319,1537425519538219336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5060 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
bce9da21396bf38c86b38b2798c9b462

SHA1
053806db38223d4b5fa60efe754e7394bd3c4fa1

SHA256
16e881b2c8f9e91fec9c9c48151068b882a37cf54d4481ebc27d51709ee02e00

SHA512
92aa808220a128f5268be39621c2794707933ee0e4999d1cd46940b422a8c032963f76582c517b1f5ac9c6b7da1684aae39bbcf0ad2d167253fa287029a4e2b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
401B

MD5
374250fd01f1eac4cfa066d3263e13e6

SHA1
54f714533881289f7df06a3f42987f381f4b7100

SHA256
224f7f4ae97035c55da923ae80482b24b891e3e384c6a6140b98865bd57ed924

SHA512
7bb643d9a43188c8ee8f657bed3e609acfa2c80458462283bf8fdb9ec2cd6a5e5b5150818a4e4be6bd2e730935e49b431d50a4c5709869012c10d331575e7eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ba7e45342d117689a2a2bd757227113

SHA1
02ab81123cdb09dfe5a3d64bb666e7effb55f323

SHA256
9e6802d22ae4c144c3343e3dd624472d48f5b905b2f87005d1f2ab7e9ac2047a

SHA512
e3ad29e1946a72071275b399835f2346909641358a922fc0b9a2a4e301eca9c7183109dd20d913070de0a2c6eeef1eb185c21a2178aadedeca482bdda91a3186

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f9323a68e3d8921113e3d57501b9d286

SHA1
0c76440bcdee1cd7efdfbe6e588de85d21a13bb3

SHA256
29f4ff7d242396ddbed719ae0d17324578768822c42eb4f77f4e2ffd04e170b6

SHA512
4376884d90897349e03c5992030202ce619d184d2626913fcfdec0fc6a50062db451b8c58efac840d73dc387b2cee1da50dd4674dec9a4d769cf830d29769d2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b9a3b8eafc18cbee160a01b1b3a0a8d0

SHA1
8451a10a996fb6fb1a9c62325c513bd5262635cb

SHA256
4b2b60f1d43fdf091afb32044ce3db2dc5f33cc2f794fc7e083a572018c7b4eb

SHA512
c7870c7f63b3c6072d1024a47bb2a0d1b38db037ecbb7ad12aebf6353274b2753a8e07fefe6bdc497c8cd6ad816fcecee9024b24bc49d3890173847cfb842dec

Download Submit