c1e4b1502c79f12868c3a11397af3a7a425c3d84117ec24fdd2d171d0f2fc6d5

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 22:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61969ab9ad9b84be135a6e93067462f9_JaffaCakes118.html
Size

84KB
MD5

61969ab9ad9b84be135a6e93067462f9
SHA1

ff3b921d34f4b55be0f956a43c878a01cdd0c17c
SHA256

c1e4b1502c79f12868c3a11397af3a7a425c3d84117ec24fdd2d171d0f2fc6d5
SHA512

ae9a966e56e25aa5468c46a5d5f14261865d1abcb2f873e76db65186cb9d681b0c11548ca1cb04152d45300925f61a61806c4b1d25ce4546853a53e707ad58c3
SSDEEP

1536:kFNEfkDsZd969E2ZHY1i/bETZDZeaH3Nm4NmdNm6Hv3KDc0vnTyMtqhbM6NT:4+d49/HY1i/YZDZeaXNm4NmdNm6P3KDE

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2044	msedge.exe
2044	msedge.exe
4640	msedge.exe
4640	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe
2360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe
4640	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4640 wrote to memory of 4948	4640	msedge.exe	84
PID 4640 wrote to memory of 4948	4640	msedge.exe	84
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 640	4640	msedge.exe	85
PID 4640 wrote to memory of 2044	4640	msedge.exe	86
PID 4640 wrote to memory of 2044	4640	msedge.exe	86
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87
PID 4640 wrote to memory of 1376	4640	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\61969ab9ad9b84be135a6e93067462f9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc715846f8,0x7ffc71584708,0x7ffc71584718
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8115438985655488757,9827801395535126025,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,8115438985655488757,9827801395535126025,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2804 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,8115438985655488757,9827801395535126025,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
  2⤵
  PID:1376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8115438985655488757,9827801395535126025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,8115438985655488757,9827801395535126025,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,8115438985655488757,9827801395535126025,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f842025e22e522658c640cfc7edc529

SHA1
4c2b24b02709acdd159f1b9bbeb396e52af27033

SHA256
1191573f2a7c12f0b9b8460e06dc36ca5386305eb8c883ebbbc8eb15f4d8e23e

SHA512
6e4393fd43984722229020ef662fc5981f253de31f13f30fadd6660bbc9ededcbfd163f132f6adaf42d435873322a5d0d3eea60060cf0e7f2e256262632c5d05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54aadd2d8ec66e446f1edb466b99ba8d

SHA1
a94f02b035dc918d8d9a46e6886413f15be5bff0

SHA256
1971045943002ef01930add9ba1a96a92ddc10d6c581ce29e33c38c2120b130e

SHA512
7e077f903463da60b5587aed4f5352060df400ebda713b602b88c15cb2f91076531ea07546a9352df772656065e0bf27bd285905a60f036a5c5951076d35e994

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
73a46cec191dc8cf4d1a6632ed7ff526

SHA1
ca4b89a2a60a4b68d136b75412813065e0714306

SHA256
1f3e3d28b218147bb10bb48609b282b117782e836475d8877d6cccba21c36855

SHA512
6b74b5d4e4e97dda656e47bf54f4c5b6262236c66e79d4a633690bdba8ecd739cdc6c29a590bfba5d82e20639cd702d07890edec85fc70ce24f1853d03bc8c15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d4bd1d045d8536e0eace1087e7d3a179

SHA1
aa2354effad1e6e058e245229c210d47a01f2009

SHA256
09c4fccc081bb2b005f25842d9d35b5196d7775e3200879b0a17f2eb6ff07fb0

SHA512
53a38ced680d7b37951e242d07eb0d28b239b6b235651b2268d0fe2dc5fc6d4111e099ffed114d4154c404037d3fffb68edd7f18134ea9729e8b983f720bb832

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e6fc4895aaf5d4d38680207b2076e43

SHA1
5b24cf1ce5a0ad89b4c15cd6d7ed04b67a021c5d

SHA256
37aebed1a2fbedea27ee7bcc6adcc0336a56415338596ee891f3c857818bb983

SHA512
a0d2fd554bb0a801fbdc63db285ef3628ef3f3c7a8eaad64951f9813270b161f985ef7f8b68d7e894788f670d59a172ac494b9c31a31c2c39cf8946503ed99c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cdd1a4191e3e43d42ba6a97f5e4d2658

SHA1
d531faecd9624c7f24e800d052fffc04826fbd41

SHA256
6f837ea5fe5021fd64f2b7b2f2327bb8c72484358b49aa4ba5bb8c378f8325cc

SHA512
235a5c16ed954b803386a34564dd460178cd419fe84596be2718e3aca97a8a64cc4fb1b786394c7b0881ee698d055859463eb84b1ddb77ba54e2d4d9bbada93a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
48e3759ee208555fd827d13532c2099b

SHA1
ab6c6d1a83a5f0b13e92c08a356c814696b237c1

SHA256
019ddfbac08a9b34d1c451d68b27127603495bafdcb97036a5641cbfa538096b

SHA512
cc1ebcf1617892aa7d37dc60d1dc1c4dadab89297af28266aa439c18db40d67ab38ec73241f4c7549eb311703bf0b6835c8a54ed727644ee11ab6e2c0faa8fc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0ca4b6688d3310e281afe9d2e7f4a1ab

SHA1
929103b67ba845140fd98915f81935711b356a78

SHA256
6b3a9ceabc460f558437013f7bed63e85d48d4fea823fb88e55ff53c5034df9c

SHA512
1be38ea97b47ea3767997648ad30ec212fd92aa7c6539e1f77a1af9ff96cbf97d0dcfacded31c3f0d0b201bd28d42c497d22bfa476d732ce250d5e8a42c58940

Download Submit