7d8950f68d4d3a26dfbfa9131c83d000da91522fce3c2079d3d1fa4b9dbfe106

Analysis

max time kernel
149s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4b6c0f09d5b971f80b9c035a25c5378_JaffaCakes118.html
Size

99KB
MD5

a4b6c0f09d5b971f80b9c035a25c5378
SHA1

595f2d4cc693528e6eed26cf45e3398bfb16c9f0
SHA256

7d8950f68d4d3a26dfbfa9131c83d000da91522fce3c2079d3d1fa4b9dbfe106
SHA512

1b6b111526106a410a8f7c14584f14ba9a1e6b202a01ba1aad6b7d5fcfa370273d149118598e9ed1b45250c4ac1bcb1ef49ae3ba0f84b40224ebebc37c3f1422
SSDEEP

768:IeZBMlXwsBiwylzzdwRf72KRzHM8yXJ5J8eBPlmXuBPs3lBZ70e/jd729fl:A94zYaKqJ8ezmXuq3lBZwebdE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4248	msedge.exe
4248	msedge.exe
1016	msedge.exe
1016	msedge.exe
408	identity_helper.exe
408	identity_helper.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe
3732	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe
1016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 1640	1016	msedge.exe	82
PID 1016 wrote to memory of 1640	1016	msedge.exe	82
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4428	1016	msedge.exe	84
PID 1016 wrote to memory of 4248	1016	msedge.exe	85
PID 1016 wrote to memory of 4248	1016	msedge.exe	85
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86
PID 1016 wrote to memory of 2816	1016	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a4b6c0f09d5b971f80b9c035a25c5378_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb750746f8,0x7ffb75074708,0x7ffb75074718
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2064 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1876 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,5223608214015109540,5456599895784799956,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6080 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
a0cdd1b2519b1cc6d3de64bc31861210

SHA1
d6a08ffbea95080803084a4ccf75760c171b7d7f

SHA256
0cd4561e87ee47e9a590c198b739d30520108b06093bfdf28a521cf4d093d395

SHA512
cde6a455d22f77bdf2d5d98dd0861947e177f8b598176e44c3ff0ec061994b1fe1e0145d0a0f183a6172599e2947f0268fa1a45717883afa390d459bb2fdcdff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
356fcddc2ad00b356a91032a66876d4c

SHA1
0f6e9f6df3783aad8a6566568b96cba71b506aca

SHA256
2144ae0556e37ce217babc24b73123a8ab6abae929f2aaee4a6eebd354fcce64

SHA512
38baa4708d4fe9a3ec6d429b86b9d8966686de9ebd32c52dad90d3ac5fa081ed9345ebac2c8c3a8283e72a13a77e2a65e4a5f837a2b8dcf3c588f07c92249405

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
31d2f41eb66193d575bb21cab261829f

SHA1
21ababbbe7a3e68f4106925762c047ceb6cb7217

SHA256
82ed1003ff4c793e352fbc6eab3b7f3af426dbf28bed10352118dda5a17e29f8

SHA512
72c5d97696fdbe9c68629a3f25b518706d5cb97587fcdba80c3940acce08591f99e1ba8861cbc0afd89a782e717f12f99e34acb274995a11abbe2e36c176ce75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ccbeff63561c3df8de1b428fd4570734

SHA1
b5eed01dd564b100fb8e8e34601c8c03cb800e7e

SHA256
de5cd5ad3d28532ee66ce10c632e222ddf71f9c2b3ba995413ba92fda541d213

SHA512
8d2a51e0560df79f26415a8973f16dc1b0f50d9794eb2ac41c6dbcb655957a90fd70c1f4e23bd680735dce289c7246b22cf8c52fedb69a2fb5eea40e9449c5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bbc36ab6dc1fef39995a516348f577a1

SHA1
23e9443ccee3844e07e9a6e353e2f9fa53292a7f

SHA256
f03acba2b6216c5397de38a1778feb4e4c6e0806b0bd3fef4dcfb59a372bbef6

SHA512
651abc6a3e9507643ec9ce9abeedd0916da9a1f7e811c1c32e9c5fb97358826f392eb0521b50ff052c7309eca7b61aa0bcd89894c298ca0e4e33cc837319bbcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
911087d3830854dba5556bb60df27df4

SHA1
0372b3ee1d21bdafac9cec837e19685d45aeee21

SHA256
a955c8013a9791e81cd56741e2a7ffd4be4c5cc709d99ffd690a1825a149bf35

SHA512
3c1f1fcec0c88b316dade410f4a56f208e8e2e8b8946f6c108b5179c0fbaade60ef4955fb1cbc9af3713b09cad2f68a5416159a0c3c7166dbc315c098509f5d2

Download Submit