7f67159ff514b9b0121acdf6d5975d9d7e9af845ed6143e63af1deda65ffbfda

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-04-2024 10:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e748f81735ccd25b7c239983d36e86ea_JaffaCakes118.html
Size

3.5MB
MD5

e748f81735ccd25b7c239983d36e86ea
SHA1

04cb4e4aebcc2e37e8f3ab37a63c6490c22e7082
SHA256

7f67159ff514b9b0121acdf6d5975d9d7e9af845ed6143e63af1deda65ffbfda
SHA512

dc7a978ca7bcd44b1ff7df0aff240332142ba8c41a74305e1a04dd3102b578c72f4d8893608e57915742c1dc8434313637e05caa68b520c2493d803f3e078cb3
SSDEEP

12288:jLZhBVKHfVfitmg11tmg1P16bf7axluxOT6NNX:jvpjte4tT6DX

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2208	msedge.exe
2208	msedge.exe
1188	msedge.exe
1188	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe
784	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe
1188	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1188 wrote to memory of 4992	1188	msedge.exe	85
PID 1188 wrote to memory of 4992	1188	msedge.exe	85
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2948	1188	msedge.exe	86
PID 1188 wrote to memory of 2208	1188	msedge.exe	87
PID 1188 wrote to memory of 2208	1188	msedge.exe	87
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88
PID 1188 wrote to memory of 2324	1188	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e748f81735ccd25b7c239983d36e86ea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeba1f46f8,0x7ffeba1f4708,0x7ffeba1f4718
  2⤵
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2200,1998333102384461696,4777518002969289233,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3708 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:784

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
d1da8e751cba9db05d8bdfb62e44337c

SHA1
aa14bf5f3baac3ea279587948db1fce65ae7acb2

SHA256
5c41023129414015bc491f4da43793bd6f18579da76eb8659586b3ac8fd842fc

SHA512
849f4f975b3a1ed930b34f29a01987cb1cb5e794b14da6eaa3891c574e38e8c75df2378fc4cff546cc9da91c88caed7d81104ccc59e5129aa752e0c9a858c5dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f714e5b7d18d5da8d0e37c64114c9ebc

SHA1
8779afd745a659495a2d5cbc58667d977fab9af6

SHA256
8590193734fd8c4d1bb1ddc5d3c2d15c2170c0d69d6ca819e337eeac91d4fb98

SHA512
c438afaf1c925e1b132da475aae5863c2fcd0a9ebb438a1c8a012ff704d5343001b51d1051b4df694597cdeac3ed47209d0fb3d9e4657a77c10033f620301867

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
60a32b7cb54eb9b478fcaaf17873bc09

SHA1
da7fc5b57379abf810f5e0d117a3db0686d32f70

SHA256
389cb74a472f1ec48477175b892c26f0841b7c841b10370cc1242958e3721edb

SHA512
15c8260434ddcddfb0d714e9a8760d003e6f53f91eb7841518d448a1cb5da1f2e6eedbc54367997fe8245aa690a23f44af1636286ac66144a8a6d6d170ca8aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2d50d38e8617de4bfda38d3654bd5efc

SHA1
a246d61042d35c6208a6cdae59505368f32f40af

SHA256
c58e5e9e39bff0d02334e415b437c757e905deff902610d6ae35e0ef115ffda7

SHA512
d3d141f11420d6b85acdca22ad3b9e66e246907e4f5a2f03e809af14b04f90f5ede0cb56eb2bd21ba42b87c5c3af38ac0d7e6cc6ea74f52c52bff418958f33d1

Download Submit