24df8044636cf3f2357ea85868609151a8b0f7159533aa083b04edae1716f691

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

606296a2323e8bf0e7d0c41d9d3cf969_JaffaCakes118.html
Size

100KB
MD5

606296a2323e8bf0e7d0c41d9d3cf969
SHA1

9f52ac8e9e643476802237984774e113310d71d9
SHA256

24df8044636cf3f2357ea85868609151a8b0f7159533aa083b04edae1716f691
SHA512

cc18b712ecbb191450ef999a51805e5d4100398721384bb86b6dd835de167414f9893d36d14107fbb662633e23e10e793462d4decf7f57cd3a68252f85edf919
SSDEEP

768:1HnIZBMlXwsBiwylzzdwRf72KRzHM8yXJBJud/bNUPeoD5yvatGNUPeoD5yvHaH/:J94zYaKeJwouoYaH7hWEOh4Rd1

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2704	msedge.exe
2704	msedge.exe
1064	msedge.exe
1064	msedge.exe
3712	identity_helper.exe
3712	identity_helper.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe
1064	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1064 wrote to memory of 2540	1064	msedge.exe	84
PID 1064 wrote to memory of 2540	1064	msedge.exe	84
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2720	1064	msedge.exe	85
PID 1064 wrote to memory of 2704	1064	msedge.exe	86
PID 1064 wrote to memory of 2704	1064	msedge.exe	86
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87
PID 1064 wrote to memory of 4964	1064	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\606296a2323e8bf0e7d0c41d9d3cf969_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9428746f8,0x7ff942874708,0x7ff942874718
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:2720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8714516554865365195,8625679119537609122,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5760 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
96B

MD5
6e9bfc9cf3af987203fb7dcca42bdf80

SHA1
8ea8c0c2d310bdfaca63987014b3a99274041b31

SHA256
8813569a9d62ec55c026119b83a5e788a55ff48d7cdcae78faba3bf274f16ec0

SHA512
ff9ee748c0afa877dc8db25ffc3676996ba0f721371dc9c2611d9736327d9ea37432ab5616e4839cf989d8d9795a18e22b878c20f62b16f81ff8d17b4035b87d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d833275e9e010e1415ce9da8e2d3a687

SHA1
6c3c4c09b189ae71075457b9cf60c805f2a43761

SHA256
777e6b1a9d77eb0908648eb4631b6c67202109d97b94fbfbb9d301cd692c5fe6

SHA512
221825710f6d6eda88b7e12f781bb60b48ddf727451da73084123952e634ecffc8c1f8c94a8476c85782557afd48fdbbc4099d32fd25813c3d1c61f52d068ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e613c2f357825457d3c060ba05968254

SHA1
7975fa3785d3106615cfcfb09bbfb50374c0a1d7

SHA256
2ef528b46a9d9cb33430192de00cdaaf2b670e8a9f5b94721b19be39e14b77e8

SHA512
5a3088357b1d1c38f4fc6fa75aa0b5154426e9f7190cec9e1fd19eb6e0180f6fd4b69032adee8ea2b8376648ac8dda868bf67769cfe4a85af91c963cc788997f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c24d376f289637e8da0759442874a978

SHA1
2512ca3eb87066a34a66d070cd321ce1237ec257

SHA256
16fce532b82bb7270ffecd5050dd0fdae3dcf499b3db04264ab14a1105c20f7a

SHA512
c2e980271e2b479ae095d3fd14869d4443785e85934bdfe715c04868ff66a5aa688599f2fdf9c5847e768077998788dd9f07058a44dc9ec09c914d4c0eedb22f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f239191358e0250f93cc8729df55b53

SHA1
4ed4164b1546aaaf95cf023bc94f1fddb563cfa7

SHA256
7f7dbe667e6ce64861d27c500cc375289828a170a5da8909f2b7938caea60ee6

SHA512
57e0485a1cb5fed5bea077715868008281d6973789935b10dc6e5bd55c9b4e084676e40c54edd907fdce7da41f18fea814630b5f289ca9ee75e472065c4ca57c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72ff585c61a53cd1fa831713a57dfaf4

SHA1
faf514df37c77d8609250ffa508381166affcd84

SHA256
61af64b4981ebc4c12564974869c7cbc5cd97ba77f935963dfd93c37eeb40885

SHA512
d7b5f3a3df013396638872fa71b939f1c885571c81e1b73a70911d27690b15892c159c78c99197e06764987bd4821e0618d147d3024d9920f563223da0ba309e

Download Submit