b47ac2cdbc68677f485936e4515234461693033ec75a908f01207ce365af92d2

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a6f8622f21b9feeee7a6e5cf3b976a49_JaffaCakes118.html
Size

52KB
MD5

a6f8622f21b9feeee7a6e5cf3b976a49
SHA1

ce69129a2d36a10d82d45af44cfa2a0df4f15098
SHA256

b47ac2cdbc68677f485936e4515234461693033ec75a908f01207ce365af92d2
SHA512

3f2205d9d8fb1f5c840d52b8dfad505ef7a2d40226cf8fe1edc4cb3e05d6577340a27923604b0693cf7c878168f748aa8d48fe2a1b620018830e8db01e4c69de
SSDEEP

1536:C9kuMVTIDfc7Sj8rbWl8z4ujQzil8E4ujQJLJI2bTJzOjbiWgmSLdDofkDvdmNs/:WkuMVTIDfcVrbWl8z4ujQzil8E4ujQJT

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1032	msedge.exe
1032	msedge.exe
1788	msedge.exe
1788	msedge.exe
1960	identity_helper.exe
1960	identity_helper.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe
2036	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe
1788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1788 wrote to memory of 2604	1788	msedge.exe	83
PID 1788 wrote to memory of 2604	1788	msedge.exe	83
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 3528	1788	msedge.exe	84
PID 1788 wrote to memory of 1032	1788	msedge.exe	85
PID 1788 wrote to memory of 1032	1788	msedge.exe	85
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86
PID 1788 wrote to memory of 3884	1788	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a6f8622f21b9feeee7a6e5cf3b976a49_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff8c9246f8,0x7fff8c924708,0x7fff8c924718
  2⤵
  PID:2604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,3052999557489341015,8786523139691141874,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2652 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2800

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
88ef6435c490aadc86d44cd174ab3aaf

SHA1
b81abc32d37d14e2f17b74b7003d7f88f5d9727a

SHA256
73cba01491a6a9a863b72e4d1c6dcb35346249f08883f9b7c9c14e8925bc0f2f

SHA512
71706c109d06bc8232946615452831f18806faeb59f1104bc228dcc8333fa162be0174f5ba78c6c947400cb500f73676855e7eedb0d0fba86c264eeb47817794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f2ef4406237292729df91a6de0502690

SHA1
2bf63d8100e0e0d9509b68546822849fa306722f

SHA256
b6969ea27ec608f5f0511afb9278521be47441687b5d21a694163a769d705dbb

SHA512
812117f1d202d7e6e29688a82b58cc2c1751fd5742038045ace9a22ba4716f8236fb75a7e9963d7c6c422c0c9fa69b59e179ba2ce239a819e86f438fd8395712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d0d04966f13189bf37106d09e9270fe0

SHA1
24b5b68be7c61754cd0d9b87ffced17f4e17ced2

SHA256
1967276f6b5db9c5a3ef4bdc79574c35bc5c881df234cb9d3b0a772ed911e63a

SHA512
552f6c853320484b7c9d7df1a348d58f59ca66ab7fc39d9adf6300b1a081dd5afa290dbbf0bb99e18b5a41ecbe1022fd6a8cf2cf69cbcaa279047f42695160d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
48f0d39f533ec668c6cd0e997674391c

SHA1
d09c6fb9f9d9ba120002f0514c218b4b8894b745

SHA256
532a32e16036c561d717d1cd8769069fa016d3675154e4325fdc558849f77533

SHA512
837847fd677c9c56b15836b57dd7ad62590d13518e1424e6f3b28409f2542b297553f55021f6919659ee75c91a209fc6150261d3dc8728d3cb91abd03a28a869

Download Submit