908adb5b8d001adbeef9d3e415e683a5e566a60d8c910b2e9a9e292891341753

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
17/06/2024, 06:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b7481ea0a56fa3b01aa56c3bc9a70fa6_JaffaCakes118.html
Size

36KB
MD5

b7481ea0a56fa3b01aa56c3bc9a70fa6
SHA1

a4ebe68542754a70c6d1df9283f19a25d227576b
SHA256

908adb5b8d001adbeef9d3e415e683a5e566a60d8c910b2e9a9e292891341753
SHA512

0b63aec17b7070c3fb9702b9d48f8524b3e3f90ce016bc340245daccef14a3172451bb6bdb794ba00cef3cfaa0695aad4b6389d3722ef0935704452601619f33
SSDEEP

768:zwx/MDTH3P88hARkPZPX9E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TtZO46lrl6lLRR:Q/UybJxNVuu0Sx/c8T3K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3660	msedge.exe
3660	msedge.exe
1532	identity_helper.exe
1532	identity_helper.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe
180	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe
3660	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3660 wrote to memory of 4372	3660	msedge.exe	81
PID 3660 wrote to memory of 4372	3660	msedge.exe	81
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 4760	3660	msedge.exe	82
PID 3660 wrote to memory of 3260	3660	msedge.exe	83
PID 3660 wrote to memory of 3260	3660	msedge.exe	83
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84
PID 3660 wrote to memory of 4832	3660	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\b7481ea0a56fa3b01aa56c3bc9a70fa6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffe11646f8,0x7fffe1164708,0x7fffe1164718
  2⤵
  PID:4372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:4760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:2536
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:2552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,15221007133285647891,6053902159860766723,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
614B

MD5
6d637f3ce6e405b91ba3d8908edd4481

SHA1
dec1a65564e4afcfbb77cddf9d1942a7a5dc9916

SHA256
1a2e52c52764819a12dc4f2fea8fde85dfd5e26771b13cc0dc58ee670907ff67

SHA512
860368e8e536d034e6de9d3f67b508fb6aa74afb8aab75a4530fd5348a8e24626d8d4bc0c042a9f3ba66a79553077c746db306c9549effaa04e5793f5c532636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
138ff8da137f6a01214d557134fe37ee

SHA1
e1d0f8335fc3c2ead6913177956020c796cd567f

SHA256
37f3eb9f695f6390b9a4de343123465b6658d71a1a70d76213a4e35faab80aee

SHA512
75c60440504a3361d8430dc525e54a83fae49f5cdf799698ffa45a4e70645cfa52157cd6a1ded941afcff6e0d29d628e5a9bedb121da32b5986ac557b56a32ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b225deb491f8086cdbf55718b7d89aa9

SHA1
1e8619d245251e3014c6d9f92dedc99ce5813f92

SHA256
830d46a156b283c128bc3f25f245b71b26afb091fe7f1c1e1eddb7bb31213a3c

SHA512
52c6a8a0926dd2e01c66fadf54a6fab3d0ffd58f5eb5be0c6ef7a4170c27bc4b33c437ed13b80cd25be45095c73f6a9dfd647db5b4f23b20b13ccf4073de90bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
968c4c9b27f20c374f6cdf576cc5f3d4

SHA1
089e4f5b1f8fac62c8892b747de36d7c7eb077f9

SHA256
8b8f40fbe47d2d915b757cba247b40531c8acb76e9d6ab67899eca93fef3e52c

SHA512
6828018a8b508614d3006e57dfc9fa467964a622df5fc17b8a7ef0f62cee277d0d22f31952eec9234d1964a77a9587003b693a6c8d6c4210d45f327503e11faf

Download Submit