4fcbbbe6077af8b77b1d142af5ac1bce823358358bd18c374576cb2de8939b58

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

601bfff1e09c6a7db3e0a0af15bfe1fd_JaffaCakes118.html
Size

50KB
MD5

601bfff1e09c6a7db3e0a0af15bfe1fd
SHA1

b11d32ccab5f3e81a6b08639723be49037d36869
SHA256

4fcbbbe6077af8b77b1d142af5ac1bce823358358bd18c374576cb2de8939b58
SHA512

c8fc21262ecea44594d65187226f77c56a5142328907daaed00032c348cc6cf54bcb8513daf9796e2e671e78c0f08ef9f6acccb66af26c2bc80a484328de5283
SSDEEP

1536:aFC1+C42xs+LEvuj6fzBrqtQ8iuD0yJkDQ/:mFflrqtQ8iuD0yJkDQ/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1988	msedge.exe
1988	msedge.exe
3688	msedge.exe
3688	msedge.exe
2484	identity_helper.exe
2484	identity_helper.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe
3908	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe
3688	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3688 wrote to memory of 2376	3688	msedge.exe	84
PID 3688 wrote to memory of 2376	3688	msedge.exe	84
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1488	3688	msedge.exe	85
PID 3688 wrote to memory of 1988	3688	msedge.exe	86
PID 3688 wrote to memory of 1988	3688	msedge.exe	86
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87
PID 3688 wrote to memory of 4552	3688	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\601bfff1e09c6a7db3e0a0af15bfe1fd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1a2846f8,0x7ffa1a284708,0x7ffa1a284718
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,10259047340192647101,9288686144840778776,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\525213ee-16a9-4792-af28-90a6148ed528.tmp

Filesize
5KB

MD5
2ce62ea74ba38676debd9d2a7ee2d6e4

SHA1
7b38eb94dc31f3b3c165551895f411feced78b30

SHA256
dd1c7bb9cb3e9704583148dc6dd0a75a34f6ce95a463b35bf5094a6ac20d2c12

SHA512
0921eef5e9eee4d76c4ac79acfd81f4e5eb5a204ad89374a73b6a56af0f27a5d5a3c7f9ed7bd7713b39364e7802f247fb0d7207f6333fa9c550fd3f4b905fb7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
679B

MD5
316a3e2c99d88d73893e3667f72152e4

SHA1
31f4303eaf655e43745dd33fd85e6f66cc282893

SHA256
bdf7f4a3ff9d04479cb6b35e25c8d3f102690c4c360bb4d33ad52785a94a19f7

SHA512
05cd299c29e68dee30663f8c8e3e34149c7e77c088817d8ffc825b1eb83461fc4c03927f3cf8012cf09fb28fd51e9ca2a87e0c601342925e8311567031691a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa3f99b1e1734047add0605794aef43c

SHA1
c4984d434c25f4681cceb3928dddd1c0678e62e2

SHA256
530e955ce09fd00a5902d9d777c3779b543071a7edd2f598ce1d4522dceadc2c

SHA512
2f3fc2317e8f3b52c5921fe3c7e5e8fcc82a95aed472ab081470819b80352acef7ac7f8756486b4e13c91844f473d83b87a8dc35fcca43174e8d7e444012f9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e9c344df4a788c9bfc0b4d55558dd386

SHA1
b96433ec3299e94a417d6052c76c412a8267f589

SHA256
322621da84864e57a2db6be222c3121e68287d649679bd6f11763b1cc78fbf94

SHA512
1dfc5f59f93f75358562886fbef9668c06e5467ade6254c69927779e3f8ef4a89d42c7baedcb0029c59c44ef115ec995f432b78d65d8005a43dfc20c4ac7de9f

Download Submit