5a44b8ab941c963a8ffaf4f97276d92bec86fa38194a498b047f22f624e8ffb4

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 00:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

621b95995389f2e92d5f6c1016dee71b_JaffaCakes118.html
Size

22KB
MD5

621b95995389f2e92d5f6c1016dee71b
SHA1

f4711ce90d459f074f712099a945a82d9818cd1b
SHA256

5a44b8ab941c963a8ffaf4f97276d92bec86fa38194a498b047f22f624e8ffb4
SHA512

ab16b2177cc8eaecbda32d518f6f5299bbee6c1a4f426181fe1ea24773f39a3f27805e6c72b359d1dacc99c06d8d6e29c99678e70a316c2895db57dff11f1315
SSDEEP

384:oplIcrMNta4911qGTHWpT6yXfN6Z8O/gvLaguLZ:Vj8kgjaxLZ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
5116	msedge.exe
5116	msedge.exe
4192	msedge.exe
4192	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe
4192	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4192 wrote to memory of 2828	4192	msedge.exe	84
PID 4192 wrote to memory of 2828	4192	msedge.exe	84
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 2452	4192	msedge.exe	85
PID 4192 wrote to memory of 5116	4192	msedge.exe	86
PID 4192 wrote to memory of 5116	4192	msedge.exe	86
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87
PID 4192 wrote to memory of 3456	4192	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\621b95995389f2e92d5f6c1016dee71b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca0de46f8,0x7ffca0de4708,0x7ffca0de4718
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,6689862848405475046,10334671103642271385,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
04b60a51907d399f3685e03094b603cb

SHA1
228d18888782f4e66ca207c1a073560e0a4cc6e7

SHA256
87a9d9f1bd99313295b2ce703580b9d37c3a68b9b33026fdda4c2530f562e6a3

SHA512
2a8e3da94eaf0a6c4a2f29da6fec2796ba6a13cad6425bb650349a60eb3204643fc2fd1ab425f0251610cb9cce65e7dba459388b4e00c12ba3434a1798855c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9622e603d436ca747f3a4407a6ca952e

SHA1
297d9aed5337a8a7290ea436b61458c372b1d497

SHA256
ace0e47e358fba0831b508cd23949a503ae0e6a5c857859e720d1b6479ff2261

SHA512
f774c5c44f0fcdfb45847626f6808076dccabfbcb8a37d00329ec792e2901dc59636ef15c95d84d0080272571542d43b473ce11c2209ac251bee13bd611b200a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c148074d71c9fa47e2e6e955e61c44fa

SHA1
d277d89c9b71e983ac01a4e7e55a0c31bff729b4

SHA256
1458aea3802046ab348c4f1182a002bb1b2d64f69da334264869862f8813e453

SHA512
49b203ec4e24d7dd78940bf1a494bcf2e3ca18908f6d10ecf37e81dcaa031184cd8aaf89bc9f0b27044d86da8aa2c24b5e72a95c4f09bdf9135c287c7f91ad23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18f6275ccfdf24e104d73fbd247abe71

SHA1
d9644b69ea30e7a0589115c3d95aed81ba142e1f

SHA256
12c19a4fb23338c5d739d7c732cff4e400226c03b8f8674fadaff4300fc9d085

SHA512
c848d9c6b272678267ee661cfdc1c8c80b902f8feaa461a8b3857e7ca8a7efca4b402e5441ee2608303e75851ea7c35ad08e835f7471ed197dd1a0b0e909cf7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa1ba8b167dccb5c2c925a5a7eaaa0e1

SHA1
3ae8c5fe12778151dbebe0357ed113549101b095

SHA256
e31542a9391a00a59ffa6f1c8b9de587fafff9942f130edc099891a304a82d87

SHA512
0ca22b75ad7ba72e6f4f8d2a52d4fbbbe5b9acbf568f0d6fa85cde01590e83611e1a4fee0fcf11f54ac660e1f37d0caae207a3c4a03012e5ad531d9d36c32c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
0e799c12be2b0221f56e269e17c5e122

SHA1
00789877c5e7093a8c9a91511da05ab7f0e46e9c

SHA256
83c98c00d6143f89ab6b33af772750bd6ef608417889af3d0f3a7e0cfb90e57b

SHA512
6251e230d9cd123611d780aebd530c5e63fcca1aeca01af6809991d1a786a72fd56b351ad55fb5db18bc505e3331b2604f9e264bce2e75021514227f8ab0bcf4

Download Submit