f27704a1153d2f9fb11e2024e3778c1c863620379035513d67f84bbd4bb5dcd3

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 22:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html
Size

14KB
MD5

61b68da5b476edc11886ae0a0e72833a
SHA1

dfd9f50534fe361967c7570376a2d35d038d56a7
SHA256

f27704a1153d2f9fb11e2024e3778c1c863620379035513d67f84bbd4bb5dcd3
SHA512

87f4c9dea8a36c6949a21e0f07c919eed55378f9ecdcb01b18a97a82443f29b5d7304e01dfb5d41e2ad0f453d311979a48bfe8b56fe8f88af14e41b5ebf12fa6
SSDEEP

192:EI1f83pIwjZBRfDYX97qRHma0n79/MGd9gmGRw5XnSQsW:EIf83pIGZBRfEN7GE9/MGjgmGCxSe

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
2912	msedge.exe
2912	msedge.exe
4852	identity_helper.exe
4852	identity_helper.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe
3148	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe
2912	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 4212	2912	msedge.exe	85
PID 2912 wrote to memory of 4212	2912	msedge.exe	85
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 2072	2912	msedge.exe	86
PID 2912 wrote to memory of 4428	2912	msedge.exe	87
PID 2912 wrote to memory of 4428	2912	msedge.exe	87
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88
PID 2912 wrote to memory of 3940	2912	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\61b68da5b476edc11886ae0a0e72833a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9f3a846f8,0x7ff9f3a84708,0x7ff9f3a84718
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,3303333237066548988,13711599254936624496,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4012 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3148

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
584971c8ba88c824fd51a05dddb45a98

SHA1
b7c9489b4427652a9cdd754d1c1b6ac4034be421

SHA256
e2d8de6c2323bbb3863ec50843d9b58a22e911fd626d31430658b9ea942cd307

SHA512
5dbf1a4631a04d1149d8fab2b8e0e43ccd97b7212de43b961b9128a8bf03329164fdeb480154a8ffea5835f28417a7d2b115b8bf8d578d00b13c3682aa5ca726

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b28ef7d9f6d74f055cc49876767c886c

SHA1
d6b3267f36c340979f8fc3e012fdd02c468740bf

SHA256
fa6804456884789f4bdf9c3f5a4a8f29e0ededde149c4384072f3d8cc85bcc37

SHA512
491f893c8f765e5d629bce8dd5067cef4e2ebc558d43bfb05e358bca43e1a66ee1285519bc266fd0ff5b5e09769a56077b62ac55fa8797c1edf6205843356e75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
709B

MD5
1a27631ffc1c45d988ac6173a32e066e

SHA1
03e444d4d8a56c3b50e3a36d772dd95172370183

SHA256
8590f847341c534a82699265fa84c1cb66dad8af8bb7bb3fd3a312212a1e0b85

SHA512
028cd21c8cba2125778c008f98dce84e5f8edce320e2dbd54e71fe112b2de21f7f2304684048c2ff27591224f7ae9b05681cb35ae85e3d2ea40994417f2b72e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b9e142fe565af8193b3e4afcb5192627

SHA1
9f61886db756c32771ff4d3e640df67ca175cdb4

SHA256
12cda18eb01caa3a941de43221052bb6f1f2e9f68aac83bbf90d8c6c78335c6f

SHA512
8eb432e9857243644cb822ce461a1034d29f16d077451083b98c543398202592396ab38949574531b4aecdb602fa3e5ba8404d6a534fd91c8b07fb3d7b636596

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
daec484eb29b63f79b813d64cc2663a8

SHA1
fc359cfcd16b2b3f6d39b4903a20ba52a9f71779

SHA256
3e1b2fa04ba4e631dbf3ac75a62ae7ee50866e337bb83906d460086abe298a19

SHA512
588c477b79c202be7d953837e64e8d65877ef4d0f13cc4205fb5e933359addbad8da8a66e69943398b21333f57fbbb7663e320bf9b0866e64752702745032d10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
12725bed9fb317fd5d6e5e3f26fe675b

SHA1
e2c6a69ba75bacd4b59a6d84deb06eeac9b58d33

SHA256
3e458a0da23e0ccd7203311fb8cda1634dfc764fd181600ea0f1a725185f1577

SHA512
4ca63c30b3ee82db564d275f30a38e2d09b4cc10a26107439f213dbc425f6e9d20286031362b83e8e9dcc0dff65b94d0fd1da6c3595f190d9dd71401cb2afb4b

Download Submit