e1a0e3ff3c1caef0b10535bfd1fa7c524620bc837cea99d781f1c6aac815e05a

Analysis

max time kernel
145s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 10:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html
Size

6KB
MD5

e9bc9e5f0d7cf8cfffab61545960bce9
SHA1

25847d9dd5b118e207fdda73b96704f4275d70fd
SHA256

e1a0e3ff3c1caef0b10535bfd1fa7c524620bc837cea99d781f1c6aac815e05a
SHA512

27d3cd4d6d010423dc3a99831fdc3f39dae94f500b404ac9e512947ac2e60fb9910c3e0673bfdf1885092de55084b0f4c860136e6da5dcee7b978c780ba26fde
SSDEEP

96:uzVs+ux7CcLLY1k9o84d12ef7CSTU9ZcEZ7ru7f:csz7CcAYS/wb76f

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4516	msedge.exe
4516	msedge.exe
216	msedge.exe
216	msedge.exe
5096	identity_helper.exe
5096	identity_helper.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe
1276	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe
216	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 4312	216	msedge.exe	86
PID 216 wrote to memory of 4312	216	msedge.exe	86
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4388	216	msedge.exe	87
PID 216 wrote to memory of 4516	216	msedge.exe	88
PID 216 wrote to memory of 4516	216	msedge.exe	88
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89
PID 216 wrote to memory of 4764	216	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\e9bc9e5f0d7cf8cfffab61545960bce9_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe778c46f8,0x7ffe778c4708,0x7ffe778c4718
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4976 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4244 /prefetch:1
  2⤵
  PID:988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7712831963648484093,2443615890564897103,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4888 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbec32729772aa6c576e97df4fef48f5

SHA1
6ec173d5313f27ba1e46ad66c7bbe7c0a9767dba

SHA256
d34331aa91a21e127bbe68f55c4c1898c429d9d43545c3253d317ffb105aa24e

SHA512
425b3638fed70da3bc16bba8b9878de528aca98669203f39473b931f487a614d3f66073b8c3d9bc2211e152b4bbdeceb2777001467954eec491f862912f3c7a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
279e783b0129b64a8529800a88fbf1ee

SHA1
204c62ec8cef8467e5729cad52adae293178744f

SHA256
3619c3b82a8cbdce37bfd88b66d4fdfcd728a1112b05eb26998bea527d187932

SHA512
32730d9124dd28c196bd4abcfd6a283a04553f3f6b050c057264bc883783d30d6602781137762e66e1f90847724d0e994bddf6e729de11a809f263f139023d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dcf71d7c8c2ebffe77d2696672f31a7e

SHA1
142f1dc149a5c1e661de5faffef905a8bd759912

SHA256
04c8587d1d1407f33999518b09db32f6840f6fb97b9aaf60a3753d2a3076b79c

SHA512
f91bd46600be9d42ea47422c4aef4241cf56e53b6276fb712a272c3ee1bdef5738d2cf8f6cc33ea5665d48aa0003a5260264462e8a67829b696a469bce325374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9e1c7151a22c302b8ea89be1359ae6dd

SHA1
92ab890d563f04d3f5af037a4a8a66d314866f33

SHA256
86bfb89edc1fd6c19b92e5d4284c017161b77cffb424ab221694036521c23fa9

SHA512
c1bfddfcf068c29a464cec9ab431ff346be9ab056581b1c6696ec7d363c3abb2405fbe292d75961d9f95a4073e02b17a2794cc119b9dc66c6e35ff50cdeb49bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f90aca58ff6dadb19f5f1ed95c9ffc83

SHA1
74e51ac97614e3ceb7f0d9aa10c001da9f7b2a1e

SHA256
5c7809c353c8a3a62e00b11ee898051abf90ec3b159e7a49d6f6344dc3e2ac1f

SHA512
e994c187ab73435381f8f6448c835e6fe682378128077543b768368d0287125d1b5575ff46bafe7ca9836646ce2c07123c6d05cbb3fb732edebdba74b4c573e0

Download Submit