458fe6505ea854a5fbfe349138c24334ba86c35af1d2aa081949fcd75a7d946b

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 09:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

add755ba910c471203d5ca74fb0afe8d_JaffaCakes118.html
Size

182KB
MD5

add755ba910c471203d5ca74fb0afe8d
SHA1

a854b84a43026076d6d8eec1c4d63b6034a8d53b
SHA256

458fe6505ea854a5fbfe349138c24334ba86c35af1d2aa081949fcd75a7d946b
SHA512

6d16d9e8ba72fc23ecd8562d851107545915bfdf23a11385d2b53119e2ccda207c56a3c64b935041e22daa39c7aa84a666feccf1f2dc2154821801053259c7cc
SSDEEP

3072:9OB/BTU9qagvavOYvT+t8aNW0pS6hdxlq5yTcowzBpNjh9:097vavOYvT+t8aNW0pSgxlq50c19

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2184	msedge.exe
2184	msedge.exe
4060	msedge.exe
4060	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe
2716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe
4060	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 1132	4060	msedge.exe	82
PID 4060 wrote to memory of 1132	4060	msedge.exe	82
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 4708	4060	msedge.exe	83
PID 4060 wrote to memory of 2184	4060	msedge.exe	84
PID 4060 wrote to memory of 2184	4060	msedge.exe	84
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85
PID 4060 wrote to memory of 3436	4060	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\add755ba910c471203d5ca74fb0afe8d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb429f46f8,0x7ffb429f4708,0x7ffb429f4718
  2⤵
  PID:1132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5307399904667713572,11131716656295523549,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c5abc082d9d9307e797b7e89a2f755f4

SHA1
54c442690a8727f1d3453b6452198d3ec4ec13df

SHA256
a055d69c6aba59e97e632d118b7960a5fdfbe35cfdfaa0de14f194fc6f874716

SHA512
ad765cddbf89472988de5356db5e0ee254ca3475491c6034fba1897c373702ab7cfa4bd21662ab862eebb48a757c3eb86b1f8ed58629751f71863822a59cd26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b4a74bc775caf3de7fc9cde3c30ce482

SHA1
c6ed3161390e5493f71182a6cb98d51c9063775d

SHA256
dfad4e020a946f85523604816a0a9781091ee4669c870db2cabab027f8b6f280

SHA512
55578e254444a645f455ea38480c9e02599ebf9522c32aca50ff37aad33976db30e663d35ebe31ff0ecafb4007362261716f756b3a0d67ac3937ca62ff10e25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
23KB

MD5
e1c71f7c04be834f5587230db2ad24b3

SHA1
f3bab9cb99d9f343bf7ed3981aaa7450515d2424

SHA256
9fb6c768068467b58cc773a3907f3f5ec170bfe02ca8f301f6a232a9daf5a899

SHA512
205366b4a3ca0dae58722a19ba24088dd8db483db9d14b376434024b064715ade720347ff5de87db014e32d2ef8192e71bbbdd3c885d5a8581b4aafc6e88ce51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
bf76884b95be57af5c24bbaec26185af

SHA1
46b3228916194a76d7654715aaafff10e7e2b279

SHA256
876fc83d3d6a97044418a4b280cc513e7ead11246966de61d82535b145927e87

SHA512
2789dac6df3334f36c8d3b200476c608521179964f8d8eab3ed05eee4c0afce06432144b640400406525e5c8ee8df717ff1c73fa1326f798333fdcc7d0b3c0f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
8ecfa399aa88c3fd661a92197f76443d

SHA1
827098a4e0d54639174680ca947042ec2c9c8be4

SHA256
5bdf22ad683a90113f49d71d5fe335a104c79ecfafea4dc625397d7b1580e07a

SHA512
617ca5b94bf8f5bd1d2a8d4c9f31ced6ecbdaa000529cc5ab47c25d9067ca1a705797198df15ab1c4faa004861a4a950da7a58b0c8994752e26c78b9faba30c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
4d49b0272120ab030ecde90ef68a1421

SHA1
d8f5a19a5dfb828f124ebdbdcc0b83688f0f30e2

SHA256
cfd656b81fe845048de7f0300d5858f55f17e6b0bbc4afc5263942a717e67a3b

SHA512
2dd79e194a145e09893481bd2bf217084b257428617af74a2f59d7ce7a8b2afc0e353595dd4ec16b7334281ffb6eb9d822335c5dd6174a93d413553da1a28602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7241edfffdb4984104139271fe7c49c5

SHA1
6fe8402e7643161a48fb9e26a169c452d45899a6

SHA256
8604aaab5ef16db46e81af15d6468fc834da4fd68ac782940a7e2fe825bf51e4

SHA512
ce3eef39fc4d1cc6c23554e6825982a4cbe48061c66155671431792a6bd1598fae58d651dd594238dbdf49c4f5187b14655eef7f6cfee55a5050d81c5eefef58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95f1ad9afa584a52e54479e2b89c9af8

SHA1
a306d7a7f50537c773dcf5910bc7d9d6f347c69f

SHA256
7df0bbaaa2d1207aa125c0055ff921a9418cf8f345e43b90eccc4a3d2b04dbaa

SHA512
2fa38e1d2167fa0cbb650a2d101d7eab32dbf6836a91e7f763b171aa153f7eda2964807092972a3769496e67a2d71a74443ea98991d811d5753025fb1d0728f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\addb7efb-67ec-4635-b12a-4edfa53e82cc.tmp

Filesize
11KB

MD5
dd5627f88d0f1ce1fd20de592be36c9c

SHA1
4937fc3c629faebbd5c2752008793119345312f9

SHA256
a058910656762f0472ac0c7f65196f7929dfa1f4e4b216f14319e779a8cb6421

SHA512
194b7a507d85ee66e7a514d6790c9a8da341a6c6ed66ddec9f4f1025601f905b8e3bf48580a9138148b43fee5918c6621ac2b104873b677027282511dfe7a0c7

Download Submit