0f9a1151d1e93e30304ed9df837cbbec6c0bf86a6aebd1bcea0fc09f7d991ab0

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
13/06/2024, 13:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a5e356ee1681aac7c157da69668ced8a_JaffaCakes118.html
Size

59KB
MD5

a5e356ee1681aac7c157da69668ced8a
SHA1

c0bdeda029a78353b679e0596bc20fbeceaddcd8
SHA256

0f9a1151d1e93e30304ed9df837cbbec6c0bf86a6aebd1bcea0fc09f7d991ab0
SHA512

602e33296a4e73fac3f7a5ac8fe54d0e97332992f1dc1fcbf12e93ad5edb64685908a4800a8524f888eced825de91e75b2df6514b7e4a4f6cbe7192fecd8c0d3
SSDEEP

768:qcVK+py7hgV4EgG07qFmLRFh1DQwQPThMX+C8qFmLRFh1DQwQnN4+KMtAl29YB:qtUya4EC7FQ+UFQnKMtAh

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1404	msedge.exe
1404	msedge.exe
1988	msedge.exe
1988	msedge.exe
5076	identity_helper.exe
5076	identity_helper.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe
2172	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe
1988	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 5000	1988	msedge.exe	81
PID 1988 wrote to memory of 5000	1988	msedge.exe	81
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 4376	1988	msedge.exe	82
PID 1988 wrote to memory of 1404	1988	msedge.exe	83
PID 1988 wrote to memory of 1404	1988	msedge.exe	83
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84
PID 1988 wrote to memory of 2632	1988	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a5e356ee1681aac7c157da69668ced8a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbbd546f8,0x7ffcbbd54708,0x7ffcbbd54718
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:3860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
  2⤵
  PID:1980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,1129383239863873480,104103558642674409,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:8

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
1c30cd6e639a3f4ce055e1665b3d827f

SHA1
55545288f7710f5623093a601a156d12d6a87931

SHA256
a555fb45353bcc38a82881a126c1da4d95e11c995c49c015237a492e8248f782

SHA512
823d25fdc2f093f0079589c1431f2b365f995040441794f38ad6ebbbfaa7bf35ec60ae833d42212b5ce092903b82a962e15c458c83772f4e911584e7f11f21f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
53431ecd7b6069f2c648f7fa39a63512

SHA1
da7459766dbdffe2b52eb0bf05340c7bad2db1f7

SHA256
333848fa823c4dc87fe914442cb55d38242aab4fdb613855f93f2cfd81f6d202

SHA512
fa69d3243eb021b0ee7a58621d4c42a7b90627281bc4f3b5615f5f39bd501792453204aaef0c3471cd6e12d0bb46949fd81ef62c517edb0a41cbfa24216ac24a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
396cd0cb8b858c3ac7a16ee4f6523fea

SHA1
8af9a776640d22b2f518222827b7a46ac16e54ee

SHA256
76a4948887d56f81aff2d5162792118560f5a6c8b3bd55d025a8c00288df71f3

SHA512
125c6158b7ca9b6fff03719989b1e5bf2cd5ce46158e0cf63433c4677a87100bc24e4e57b3840e4f1a9f6af9b665295349c188578249fdc568100dd442b5c903

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e48efa61476fb8d992a2b51d4a03e1c

SHA1
28c7696d2fe98ecdebec002bddc650432822c81f

SHA256
3d0fe04dc3c0d0d8e7485cb78eb3958b0fc0962a3afe1e68759874c6dcd40854

SHA512
ead5a609f896725720b56cb35b2eaa2ae54c1abc3bfc0ef3dc7763506dc049a7f8e37680a9721aec38e414ead5b65f06c74f45593cbac8a69bbc4249ba34b14a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fd1664b20c6d1c5dd1e51c35fd7f0ffa

SHA1
3245fbb5bfa25e8a95b0ad767265cd50bdc5625f

SHA256
e38fafe16ec4e56de5a205a459c1d855a6c007945930437867b1df4c53aa53f8

SHA512
a1c2d35d276fae8d448a746599b4aa425afd8385d9b42ed9aeb253375b9d52d370b173521e74478e489a4a0d9af08f0f548801e941380886db95e9e12499a35a

Download Submit