fc625470d7780de757f480eb92dfe3a386fd04092c57f88f93cf86fea5c0c6be

Analysis

max time kernel
145s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 05:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

a3e9695bd572947dffcb0a609917152c_JaffaCakes118.html
Size

19KB
MD5

a3e9695bd572947dffcb0a609917152c
SHA1

79a976dd42d7a68586dc4e415f3b29a67bcf86be
SHA256

fc625470d7780de757f480eb92dfe3a386fd04092c57f88f93cf86fea5c0c6be
SHA512

3c40e67d8063bb9e094af61a42b67253323a023d05f53ca9b7dd67845fbfc92c863adc4bfdfd644b372fed0d97afd1d43a07cf7c31783d45c63914f43ff7bff7
SSDEEP

192:9K/yOUhT9iqEWw/LTgE9d3N0nMMSjQNDMhvPMlUx9V6cxjb79DX+OunyiFaiSg:4/yDT9iDLXfeoQNo3p55OOunyioin

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3288	msedge.exe
3288	msedge.exe
4572	msedge.exe
4572	msedge.exe
1912	identity_helper.exe
1912	identity_helper.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe
4500	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe
4572	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3520	4572	msedge.exe	82
PID 4572 wrote to memory of 3520	4572	msedge.exe	82
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 5044	4572	msedge.exe	83
PID 4572 wrote to memory of 3288	4572	msedge.exe	84
PID 4572 wrote to memory of 3288	4572	msedge.exe	84
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85
PID 4572 wrote to memory of 1472	4572	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a3e9695bd572947dffcb0a609917152c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffad3f846f8,0x7ffad3f84708,0x7ffad3f84718
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:1472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:4244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,13750489966644975290,5268280791540310647,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4500

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db9081c34e133c32d02f593df88f047a

SHA1
a0da007c14fd0591091924edc44bee90456700c6

SHA256
c9cd202ebb55fe8dd3e5563948bab458e947d7ba33bc0f38c6b37ce5d0bd7c3e

SHA512
12f9809958b024571891fae646208a76f3823ae333716a5cec303e15c38281db042b7acf95bc6523b6328ac9c8644794d39a0e03d9db196f156a6ee1fb4f2744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3a09f853479af373691d131247040276

SHA1
1b6f098e04da87e9cf2d3284943ec2144f36ac04

SHA256
a358de2c0eba30c70a56022c44a3775aa99ffa819cd7f42f7c45ac358b5e739f

SHA512
341cf0f363621ee02525cd398ae0d462319c6a80e05fd25d9aca44234c42a3071b51991d4cf102ac9d89561a1567cbe76dfeaad786a304bec33821ca77080016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
cda6cb4552a675aa1edfa4c2aa4c1a58

SHA1
58517f5bbbbcecbfb9c632d3db00800205374b19

SHA256
d631934745cb49780a797f48841931388104f4a733b38cddf92d63f6efe50326

SHA512
15216af65f261f9af1157613409d4ff75604577ddefb4fd488357b07f64c6072b5afeb3cd36a61fbed50217dc859aaa3d421b87f7307ebfb9a180b08ba62547a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc2ee7488732665126283fc0fbf111ca

SHA1
0d6e99be75a0992189cd1f3827098070345605fe

SHA256
2668c4199a97b426e490fb70a0ca3824b64638aaecab345bdfaa08e5313129a2

SHA512
62c0c5c2862106ca3d83787b0dcbe2fb7dfdfea749273c1644dd22b6dddba9adb14709c5a6a0a5c7c750c7e50b58174472748144974cd8286e66a27c49fdb7bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a178c6c20a7b3d232b14cde5c37d7669

SHA1
4d071f1b81eabf9254af8fb3fbeb674b3d02965d

SHA256
946e22b51c78bf8629c7feeeb84ba86a442107aa4a7d7858c5a95af26d282c8b

SHA512
5ac901f1cf90818a50df4e1fe38d3825f554de45db088dfbcba9fc065331526661f1a8ed3dec9dd61ca69078eb6e08068808b1fae58bc619c349577b603eb050

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
66412453a475b1685e45ddc2922cec2e

SHA1
36a7932a945ff06262dfa9c67fb901f31a38e03a

SHA256
c6177553e989fb7f1dc6cf120a537ba28a57120480486717c260d170dea96bf6

SHA512
605e6fc69c0113772fa75d64aa95357e209bfa697ba5d8100684c76747a1c85e1a346af2e694c43f11e973e422ec0db555f4ad1f3dc6ed63e98555b00f0f6103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f79609d3da318c2d025f1907f91f446e

SHA1
9fb76a1d780354bc1ab989508e35d71c7d88993d

SHA256
6860cffefed81b35be2a459862784f32bd5ed91e9ca9fce526c71d0f51fd0181

SHA512
b30918202d1f8b319762934399cd4d5eea038cf17bbb8eb2bec0e1cdbac16e17c579290f9a9b3edc6bf6a4710134d3a3e2a43a2e229ddaf7a43bb87e3e9922dc

Download Submit