9a0832eb3d857145d8fdd38002dfe2c8eeb72986e43f3e349de827accb10fa17

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e93ef6d982004ad4878c97931cdbc139_JaffaCakes118.html
Size

3.5MB
MD5

e93ef6d982004ad4878c97931cdbc139
SHA1

fc698c1d2f26bcd91001d5bcebffacac73b8b23d
SHA256

9a0832eb3d857145d8fdd38002dfe2c8eeb72986e43f3e349de827accb10fa17
SHA512

ef1520d5151b8b4a83f82bb2a8c4eadaaf1a9c9425d7da9f7d163af96da0c010e087228db464e9eeeca169f9d9edb962a45c69a71088dd8f4d3591e689929513
SSDEEP

12288:oLZhBVKHfVfitmg11tmg1P16bf7axluxOT6Nfj:ovpjte4tT6Nj

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1532	msedge.exe
1532	msedge.exe
1708	msedge.exe
1708	msedge.exe
1540	identity_helper.exe
1540	identity_helper.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe
2868	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 4836	1708	msedge.exe	85
PID 1708 wrote to memory of 4836	1708	msedge.exe	85
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 768	1708	msedge.exe	87
PID 1708 wrote to memory of 1532	1708	msedge.exe	88
PID 1708 wrote to memory of 1532	1708	msedge.exe	88
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89
PID 1708 wrote to memory of 3944	1708	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e93ef6d982004ad4878c97931cdbc139_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef5df46f8,0x7ffef5df4708,0x7ffef5df4718
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16957761771839193766,13622636913490290687,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4976 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7740a919423ddc469647f8fdd981324d

SHA1
c1bc3f834507e4940a0b7594e34c4b83bbea7cda

SHA256
bdd4adaa418d40558ab033ac0005fd6c2312d5f1f7fdf8b0e186fe1d65d78221

SHA512
7ad98d5d089808d9a707d577e76e809a223d3007778a672734d0a607c2c3ac5f93bc72adb6e6c7f878a577d3a1e69a16d0cd871eb6f58b8d88e2ea25f77d87b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9f44d6f922f830d04d7463189045a5a3

SHA1
2e9ae7188ab8f88078e83ba7f42a11a2c421cb1c

SHA256
0ae5cf8b49bc34fafe9f86734c8121b631bad52a1424c1dd2caa05781032334a

SHA512
7c1825eaefcc7b97bae31eeff031899300b175222de14000283e296e9b44680c8b3885a4ed5d78fd8dfee93333cd7289347b95a62bf11f751c4ca47772cf987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
981B

MD5
a2962995f1387c8d9e90878e56568e21

SHA1
218490cdb2bbe06fedace233937005268c3149a0

SHA256
6016d11f5033700edb3d42862501776fa9fdf5474d6d7fffa2aac3582a8991fc

SHA512
138c599417849891911bcd3812f705e95900caec87bf54184b0cc87ccda5609086dc02bc5896a700d3e273b5a1fbcb4c9c8f0b8a7460507105d42ebf981b585b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b8e3985a5b5d7f9c4ea49b45877ec703

SHA1
38d546e9a65e8ceb02acd7dc6692892b6b40cfd1

SHA256
b2c29cecba38c7933445bb677f8202686f39c4691ec1ad303fce462d69fac344

SHA512
ff2c674c13ca462490d9302937efd7b89902ab93bf7d26801dfdcb5a562aceac800cf9a6a9963a9cc03f9c8d0dff3183c2619f1dc95b5ac33d1a23e98eb3ef90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3878ae7724041b4ab28c05accf48974d

SHA1
c6dcd6d0b3ffa52a45351286fe64214b3f34a7a5

SHA256
4ac7323b191ed6bcc7512c896c6e25f29bc5cc426248860c26f65980544237f4

SHA512
a47e9fd233e6dc1c2a70ee956613a79fce0b7a3e6b0c1fca924063cc2e7c6734f48ef1755e6182a7ec280fcb32ef46843871f28449ad73e96c5da542aefb0c36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3091dcffcb8c63ee37f400be7769028

SHA1
955e49ad2e6b15af090a76ca4c33fd9b239eb20c

SHA256
1ae89b1a584056644c9df188aff0018de4c58c8c593a648266590d56e977b144

SHA512
1a9a20ceb437b92b755207e4d55c149553de817a80078d2b0b61e84f607c74f211a3f5fd2598915a6587ce279c806a3f6a0091e0564218f38df98fde08f8ac23

Download Submit