08a1b14b119e829f8531314e02da21bc4250fd49070a97bd7795cc7342e5b4da

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 00:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a76340bb9830296a7bff86e3e6e4040c_JaffaCakes118.html
Size

46KB
MD5

a76340bb9830296a7bff86e3e6e4040c
SHA1

99913f215b7eaa61cfb768d0f77b0dcbe1dc94e4
SHA256

08a1b14b119e829f8531314e02da21bc4250fd49070a97bd7795cc7342e5b4da
SHA512

d9089c7f32ed5e7893286dc66c4678030b84405c4de2729b8a93e9c50daf3fa27b5593b544fa0a2ee9a6d7c1577730ec340972f0dce855935bdfcb9618da652a
SSDEEP

768:BBJqidWXkaiJdr5ThZTLjTKTfgTj6TATkTqIdrAuNAACuFN5jK1AhZxgf:BBJqidWXkLJd5TTT/TKToTeTATkTqIdI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3408	msedge.exe
3408	msedge.exe
1912	msedge.exe
1912	msedge.exe
4804	identity_helper.exe
4804	identity_helper.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe
2008	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe
1912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 2648	1912	msedge.exe	81
PID 1912 wrote to memory of 2648	1912	msedge.exe	81
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3600	1912	msedge.exe	82
PID 1912 wrote to memory of 3408	1912	msedge.exe	83
PID 1912 wrote to memory of 3408	1912	msedge.exe	83
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84
PID 1912 wrote to memory of 3404	1912	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\a76340bb9830296a7bff86e3e6e4040c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff928b546f8,0x7ff928b54708,0x7ff928b54718
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,8225298498814317639,11705601247025317681,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5128 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1356

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dabfafd78687947a9de64dd5b776d25f

SHA1
16084c74980dbad713f9d332091985808b436dea

SHA256
c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

SHA512
dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c39b3aa574c0c938c80eb263bb450311

SHA1
f4d11275b63f4f906be7a55ec6ca050c62c18c88

SHA256
66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

SHA512
eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
745B

MD5
41d63cdf7b47c3eb03d613818f81fd3f

SHA1
cd1a88029646b52f5fafc511f55c8ed26394620b

SHA256
3654c9952202310f795120fda5ca1458d17bfc879bc4d9528a596eed703ea1a8

SHA512
5af6af9399f36fb575d78016bb6fca89b8e9df13314727e5acf7f58ab73f1baa2bd7d7eafb539b8b9dee88d2975e459a62f55e4c2c1cf7989499cf0521af3673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebc7b988c6df8991aad935caa972a8a6

SHA1
5155f349578e0f219f3719d59b46bdf08d7907f5

SHA256
1e055b9ea1c0c5e002157a95ce6815a24e15b2f9fa716cf2869500c5a5b3b6d4

SHA512
b8f74632f7f3a707720dc77c767e6c18825b423fc8c3007edef185abef15f7e7ea135b173a157ff0d5ccc5f252578e297f07e631a35365446d865d70891c4a8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c245b807e39b3294f25749433736a35c

SHA1
2b02a07662484b11df054a6a7bd218a457ccaa35

SHA256
9036e7527e196a8fe775e8af842d86b321f4aff00d2a18c6a173f9831b2a23b2

SHA512
2fbb39a4589b7d92f5c0ece1fea3fd2d3cfa78fe401f1dddccb13037fa8fadfd102c3db2d4aef60361870f8c684884e354f8b43da0ab2f6666a72a59a783104a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5442fcd0bc13e0e3314c9d066a526905

SHA1
fb2c4221ed78b83eca78eb9680b154814980a55e

SHA256
ca313b4f9837dd665286a22f40674b14984f9cfbad69b78e8b20ad1dcf4b083c

SHA512
8b552c2e186f1600e9b071df0211132b9999d78b98e894afe363e184b0bc6e63f81c10417d61a4e767bf83486694c0f7ca9546be551c1b7cb0224232789cd097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
391c4f2f3d30b04f382cec54573d6364

SHA1
4e001b20640a932ad263c2c0417d492876f67f76

SHA256
13fd6eeeebcb2067fe70a373941414e4b816147e5772b2713e1a82dc32445563

SHA512
992cae75635d127b61c8d885820d488e8df13641ae130221147ad3d48b8fd9cb6de0d1bd305b55fa133a2d25d51b31d350492aa78eb233cf905b4f23a280d2a5

Download Submit