e0f10f6dd4a0c05059cb5943326c9de86e41dc35c0b36dab619850416dcd72b7

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e4fca1685a2240b5bfac8ced45d063a_JaffaCakes118.html
Size

271KB
MD5

2e4fca1685a2240b5bfac8ced45d063a
SHA1

93ed4cdda717a58baad896b1cf5d84ccfc082825
SHA256

e0f10f6dd4a0c05059cb5943326c9de86e41dc35c0b36dab619850416dcd72b7
SHA512

e3ec7a43c0aad2f8755c21dcf946f51bc2ac03dd5efc1272623a053097e247039b06fa2ddef2b3ed202dd8c5bcb24f0dcc883de12343d8feebe83e1ad1f71791
SSDEEP

3072:5B2nptrLcfu37p3vcGcKLhsUrAoMPUxdRPUxdmQaVLLDpInhPFGn:5B2nptrLcfu37p3BmMxdRMxd03

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2964	msedge.exe
2964	msedge.exe
4932	msedge.exe
4932	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe
4932	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 4908	4932	msedge.exe	82
PID 4932 wrote to memory of 4908	4932	msedge.exe	82
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 1100	4932	msedge.exe	83
PID 4932 wrote to memory of 2964	4932	msedge.exe	84
PID 4932 wrote to memory of 2964	4932	msedge.exe	84
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85
PID 4932 wrote to memory of 2772	4932	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e4fca1685a2240b5bfac8ced45d063a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2f4246f8,0x7ffc2f424708,0x7ffc2f424718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2692 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1832 /prefetch:1
  2⤵
  PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3868 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,10960419014143104384,11989796529939332646,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:3684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
210676dde5c0bd984dc057e2333e1075

SHA1
2d2f8c14ee48a2580f852db7ac605f81b5b1399a

SHA256
2a89d71b4ddd34734b16d91ebd8ea68b760f321baccdd4963f91b8d3507a3fb5

SHA512
aeb81804cac5b17a5d1e55327f62df7645e9bbbfa8cad1401e7382628341a939b7aedc749b2412c06174a9e3fcdd5248d6df9b5d3f56c53232d17e59277ab017

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f4e6521c03f1bc16d91d99c059cc5424

SHA1
043665051c486192a6eefe6d0632cf34ae8e89ad

SHA256
7759c346539367b2f80e78abca170f09731caa169e3462f11eda84c3f1ca63d1

SHA512
0bb4f628da6d715910161439685052409be54435e192cb4105191472bb14a33724592df24686d1655e9ba9572bd3dff8f46e211c0310e16bfe2ac949c49fbc5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
c0f38910e4be3afeb1717850ac73c0d9

SHA1
2f1907b88ad97b29a08c0328bba5e12f046a0b18

SHA256
50a5d36a6bea0f3d61f6c5e219c633351447114124e7c602bd5a92799e47e1c3

SHA512
421265b5f52356a5579c9c4d295ca11d0382704dd51ebb5b5b73d214e536a080095ee8e7b52ae3c81a25ef39380afd47c3e4a1a5000b3b8ec39ff35e6a4d9d49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
864B

MD5
f1a8eeeda2c854c2959394d812f1abf2

SHA1
d5fcc7d6337725bada76e4f3f2968707cb107b67

SHA256
0ac651627211578e1cee62a0e2800e9ed97d51db9850d7dfc9f6375299faf23e

SHA512
ba42eb3c9b4040bc0e5c1388763bd30b8a2400d92453a5242e52fef8c4894ac39192fc8807ee2d27baafddf34ae841476c526e9cbfb9b7a71b4ac5f7a9b4229c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a87e10528d95a83b8e7410631dd52d46

SHA1
610cbf7c5b989d8b387c613a7e27f31901fd9950

SHA256
8197c9a2bc4ec6e7b795a977c96a0eeae9d3bb45f6986ee1cf5c30089e01d22c

SHA512
637e3cd6d6651df06dfabae015f79af73c9300755930c8cdc25b09943dd918137ab977f6b0f5625a32cb5e476e6312ec085744de79b4276d38ef42f98ac7b4c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3c8d0568e0ee0e0c2fc0cafc0660640e

SHA1
d28a100f73c8878d34c580c742132d1600877a82

SHA256
cfb10ca2121cd9af1a92bf65bdcb36270a038358881d709f78b1927f6b6d0309

SHA512
ca833146049fb6e42a70d6d96c0a7914ff3bd9d467bb435396dbdff37b23f0c452e051465b81d078a489cf609ffd96677679672d8cc85fc3c8edff32e7759625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
068e2e60047f01198f10489ac6599f3a

SHA1
561d3d8d3aea72329ee3a820652846d8cea2e076

SHA256
460c9e7a278c2ba20cef3f1b6510fad3e0a39258403545870598668fa1e5d93d

SHA512
dbdcae3e0f4806010779f3f76de4fa4713499542085c75fe74e8ab1aaa96330897c8bf672117c07409ca1abe5794255ac9d4ce2e0fd7f31922bc24a7a9ebb8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0f17d001eded08466756a29fedba57d5

SHA1
af25b87e92ec35782c0028ea0bc22e911325ed9a

SHA256
4b712a0edfacf85ca833af1e99ec9553bf20f5c8373a9a3a5b52528f9685f3f5

SHA512
9f3c2d01d20ce3311cdeacad547d344d5ed83dc2149d80d74c11701dea07bec40fa33a912636876056b1d09a9a450372a339324f7fa286a50220c3713ee927bd

Download Submit