3bfc6b3d575ac48913ba4fe96e67c8d3f98bb7e9c0bf65253751a456201fa0f8

Analysis

max time kernel
145s
max time network
131s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
28/06/2024, 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1869d4e6f1ba5272d3ec609eb2583919_JaffaCakes118.html
Size

23KB
MD5

1869d4e6f1ba5272d3ec609eb2583919
SHA1

5c5e95bdb80ccba8878bb8dbe785a533c33d85d9
SHA256

3bfc6b3d575ac48913ba4fe96e67c8d3f98bb7e9c0bf65253751a456201fa0f8
SHA512

92e2abe231f8efac22b359b095ed6f9913a1bfa5864884142e838e0f7dc3d24b8baa4fd65c1af63edc9bfc6b0bf41ace35cbc84394dd9f0a7a8192db7cbf0810
SSDEEP

192:uWDAb5nK1M6nQjxn5Q/gnQiezNnbnQOkEntkWnQTbn5nQtCnQt7wMBTqnYnQ7tn7:GQ/5E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4964	msedge.exe
4964	msedge.exe
4392	msedge.exe
4392	msedge.exe
4488	identity_helper.exe
4488	identity_helper.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe
2664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 1168	4392	msedge.exe	82
PID 4392 wrote to memory of 1168	4392	msedge.exe	82
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 1704	4392	msedge.exe	83
PID 4392 wrote to memory of 4964	4392	msedge.exe	84
PID 4392 wrote to memory of 4964	4392	msedge.exe	84
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85
PID 4392 wrote to memory of 4928	4392	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1869d4e6f1ba5272d3ec609eb2583919_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe85ef46f8,0x7ffe85ef4708,0x7ffe85ef4718
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:1704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3088 /prefetch:8
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:8
  2⤵
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3896 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5628 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,13139040093123095054,10975473183896452447,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4896 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
81e892ca5c5683efdf9135fe0f2adb15

SHA1
39159b30226d98a465ece1da28dc87088b20ecad

SHA256
830f394548cff6eed3608476190a7ee7d65fe651adc638c5b27ce58639a91e17

SHA512
c943f4cfe8615ac159cfac13c10b67e6c0c9093851dd3ac6dda3b82e195d3554e3c37962010a2d0ae5074828d376402624f0dda5499c9997e962e4cfd26444c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56067634f68231081c4bd5bdbfcc202f

SHA1
5582776da6ffc75bb0973840fc3d15598bc09eb1

SHA256
8c08b0cbceb301c8f960aa674c6e7f6dbf40b4a1c2684e6fb0456ec5ff0e56b4

SHA512
c4657393e0b9ec682570d7e251644a858d33e056ccd0f3eebffd0fde25244b3a699b8d9244bcdac00d6f74b49833629b270e099c2b557f729a9066922583f784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3251b50f34a3ae89781f61a947596d42

SHA1
c3edf0812c56f7be425eff3bedcec080ab877954

SHA256
d4aa20a9e00e4684d870477ee20012999b315ec3a079b3f6fb2fd47d57bca6f6

SHA512
2c580b3a70aee892ecfba9ee3f72def908c68ac601a69f8bd67e4c5ade3913c6ff65226b6a99fb9d6b245ce11ee218366904679a5430c6d01b73a69be2f9830e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
05fb0e14861a95ed897a9522c8d98801

SHA1
1e7566ebd6302617355323f459f0a5b0a4b63338

SHA256
2274e4a93aa7e7e838fdc0f64157b9b0f025d82f37388c61c6fd9a4c68eb3376

SHA512
ae620bb7c547ccbedb0fc936d13092533fb67cf60bec33984fa578f8f22836e79d12fbb32a9656861177a312416ba315d2fd858c173a6bc4b76a2498a29d60db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2caca3dd65e928847d9dfab4481fefaa

SHA1
3d718853ae2d6f20cef926d9a1ac022e2e5e1c23

SHA256
d4916c9f6f0e875c1381dd1d3b5d40fef5fa0f2c1e5d734b51aa37167ccaea19

SHA512
928bab509bb58b8df092d8c5db007d6c8c5c90259ba941a0e2606e6eaf06ff5ce5817963a02838b31e3ea9a1a8c7a8b5b4acd314c5c1640d69459579de479bd6

Download Submit