c2e68ce61d897b5e0503404924c9fe43780d3c1eb8d50649f1e65c42d4bdaf8a

Analysis

max time kernel
145s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 12:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d411680b317d3563eb832b3b35b86f8e_JaffaCakes118.html
Size

18KB
MD5

d411680b317d3563eb832b3b35b86f8e
SHA1

73739c7c258e0052e60d31c43bfe57344828131b
SHA256

c2e68ce61d897b5e0503404924c9fe43780d3c1eb8d50649f1e65c42d4bdaf8a
SHA512

7e53034d8bfd524907f53a9fef39c94c6c37252b6c545b788b3c88fcdc1df38cd274e3905c5b7afdecc1062dfab5cd3431afff617142a110c42e1d2a66068516
SSDEEP

384:HhDVQSL2Cta1y6knj5q/7tsqx/BvJq9N5GQom1Ysh0nQStyQ9g+svcAmLO:Hh2dCta1y625q/7tNJv85GQoEWl95ycu

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3140	msedge.exe
3140	msedge.exe
2380	msedge.exe
2380	msedge.exe
5056	identity_helper.exe
5056	identity_helper.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe
4912	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe
2380	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 2088	2380	msedge.exe	90
PID 2380 wrote to memory of 2088	2380	msedge.exe	90
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 1400	2380	msedge.exe	91
PID 2380 wrote to memory of 3140	2380	msedge.exe	92
PID 2380 wrote to memory of 3140	2380	msedge.exe	92
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93
PID 2380 wrote to memory of 1224	2380	msedge.exe	93

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\d411680b317d3563eb832b3b35b86f8e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdc51f46f8,0x7ffdc51f4708,0x7ffdc51f4718
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5814092129408674205,12889938877897349708,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
47b2c6613360b818825d076d14c051f7

SHA1
7df7304568313a06540f490bf3305cb89bc03e5c

SHA256
47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

SHA512
08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e0811105475d528ab174dfdb69f935f3

SHA1
dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

SHA256
c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

SHA512
8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
91dd6404bbac4337f58b9c3c53b1ee6c

SHA1
4af6c1b54531282d10f3c2389bb8b15cd9706c6c

SHA256
61159bb2e9828864f79c456421ddbe3672d6250034ec2d30456520207c6cdd0d

SHA512
be47de5986729aeec30a9ace81b60afeb4e027ea995d9aa0c064ccda57c51c210cc01600adde78bd71955d4594cea1b1d4a46f384c7c5ca47fcdad25336b0af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2c7fdd945ec8df22bff762cf5df31dfe

SHA1
d2e46d9be95038a3da45578a38295d85ab6d05f8

SHA256
4ee032e46b2c37e128b13193b0f8ebb623b8968b471928e5b1b915a2f9ecf434

SHA512
98d9b65ac1b7420b4ed0deb64f25cf4c719a1ffa293e2670a220f540cfb103b45b91087d19a7b8dfb15565355cae8dcb232f2c675f3da134db966f71675facc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0c1f999940a41b3a059677fbdb7c08f9

SHA1
6467383de272abcf7ec1933b276af8ede8f4ae8e

SHA256
e62ce51c3280f81fdb0e35b12f6521d8fac63aa0ee1b8bd697d3d3739cffe018

SHA512
def3778c27e5905c361d14f3101c4817c4d9e56414d395c579711ab0d8b50ffcab42fb108bee3e29ea6c9a221768b9923dc7592565d0c4977fe3781238b5be21

Download Submit