5155a465a0e4199f14df6d395276c9360bc34b1623107ffa92fdc59cbfc78fc1

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
15/04/2024, 00:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

efeaf098bc6317bb2f008bd4c65f86d0_JaffaCakes118.html
Size

51KB
MD5

efeaf098bc6317bb2f008bd4c65f86d0
SHA1

33f170c2396a726b0e8447c9352552d9a243ddea
SHA256

5155a465a0e4199f14df6d395276c9360bc34b1623107ffa92fdc59cbfc78fc1
SHA512

c38e04d97c0a0d3bd87fbfd4ac96f7cc76004e76bf05c2eb9a9533faf164ad3a3c0e2737f2b0ec326a1e6777278fd0cd7ea025259585aedf9a48c8f054c14eca
SSDEEP

1536:cE3ieh6RIBwoAIv2DgNkYnO4odiFMKDSYPkhzslGl0QwVpGFKndzgEFE6n/uGl56:cE3ieh6RIBwoAIv2Dg9nOZAMKD1Pkhzr

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4120	msedge.exe
4120	msedge.exe
1908	msedge.exe
1908	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
2940	msedge.exe
3224	identity_helper.exe
3224	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe
1908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2864	1908	msedge.exe	86
PID 1908 wrote to memory of 2864	1908	msedge.exe	86
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 716	1908	msedge.exe	87
PID 1908 wrote to memory of 4120	1908	msedge.exe	88
PID 1908 wrote to memory of 4120	1908	msedge.exe	88
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89
PID 1908 wrote to memory of 2304	1908	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\efeaf098bc6317bb2f008bd4c65f86d0_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb707746f8,0x7ffb70774708,0x7ffb70774718
  2⤵
  PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1468 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6112 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3856 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4132 /prefetch:1
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,325389695998280235,676187417441629181,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9b1179a0-484e-448c-ab5e-7c2e7262592b.tmp

Filesize
6KB

MD5
c67e6c8ccd60a5fed7874ad9caf66488

SHA1
6d21f37e934c36616f3e0529b2851175ad45b0cf

SHA256
3b1cd289f1f3099e0ba1997029bb28f50eae1b48f00d184acbba7fe27664a586

SHA512
610014d427bc149c2819523c26c3b4d4a188ea670a86d95965792aa67b3c3345197eb278e3348387e4969df2b752589561b0faf6be72c962924b5aec834bd8e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d72e278e29bacf39253eeb6e348b1c7b

SHA1
1d034948de73cac640a6a83265dfa9965f9e4015

SHA256
5a5e817d1af6c88662b8ee8894978175cd29d69b165e12d8efebfe391f9479a5

SHA512
445da72915846cccb68ada3c58f39d40759428ae7eb4a3f5f7c83bf148a013828c7e87782ea217401b0cb2381d5ef88f2f5c585d334b0a4030bcb845236f06ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03bd020984ad351a1d3879be128ca70b

SHA1
47cbbd3685d78656e76c7689170b11c01bbba82b

SHA256
bbeb42eaebf7e4cc09a206d2b295f2fa670e06fe51a95b0c244ee80638bc9a24

SHA512
c22934d3b7fbc956f0772332c06ba406c2829b5fac3cbb56d71bfcc66efa75183eb075449712aa2416a4d1be314e43d96bee84691e6503bc2bd7d8db6cf76c1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
747300c6cd596223627a106189a3ade6

SHA1
6711e4105ff06e9305a5235d670fb25fb7d5de97

SHA256
774f008eade40ee29367234a3974e150f7490d55eb658adce34c4e34c964d084

SHA512
c07f8373efa8a26b7788b8df8994b0dd545ecd95831d835362c6291433a43f90d931f4592c4ac5d0327f04cf7e41de1a402aff3e64f4491d4f545cbfb5d4c70f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5958d4.TMP

Filesize
538B

MD5
ae6895fa74939f1390254628720d11f9

SHA1
3de292c724171fba9beaeac8338b837ce1bd8d7f

SHA256
7a344ef07cd062c4911fce9f4333dbae3bbae752b762a4c7f55ea9fde42e9050

SHA512
61dceddea37372b743eecdebb87669868e2686f6d5a83c66326a1f53723ba8d0437d0f01da7942800ef2dafa317c8dd308a7d051c95ef906af77bf5d23e23aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
63a6d4e707119053f331562f6380df5e

SHA1
c32bd1a6e0c3afc3bb97d2c60c26675e67281695

SHA256
99f823ff8b3c1e1c725aefb697494b605dc96528425b96cefeabdaa285dc29c7

SHA512
bf38ecd59c1eed66b5173cd18344c0113c1a0d63cf6d6814bee7d8eee76116bcbf8cd249232bc119258d8a2bc5c203d98f272722779135a4baf230330a55c9fb

Download Submit