3f5ee9227f887f5751d192694bfe0e968f86caa5e172432083f2ba273169346f

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19-04-2024 03:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9713b0a4069a8eeeb120bb24431dfb1_JaffaCakes118.html
Size

842B
MD5

f9713b0a4069a8eeeb120bb24431dfb1
SHA1

fd050be9245299e951f463b274ea3b09a516b427
SHA256

3f5ee9227f887f5751d192694bfe0e968f86caa5e172432083f2ba273169346f
SHA512

6483a0d282f68bb5f0614b5d9b8e71cfe4b876910aafde662a18e1316a97891c8ead2110eeb2b990f1e279544f20dc8cfb250d9865b42ec43edd7086148cf03d

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2336	msedge.exe
2336	msedge.exe
2996	identity_helper.exe
2996	identity_helper.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe
4472	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe
2336	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 648	2336	msedge.exe	83
PID 2336 wrote to memory of 648	2336	msedge.exe	83
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 3412	2336	msedge.exe	85
PID 2336 wrote to memory of 2988	2336	msedge.exe	86
PID 2336 wrote to memory of 2988	2336	msedge.exe	86
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87
PID 2336 wrote to memory of 2960	2336	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\f9713b0a4069a8eeeb120bb24431dfb1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff88e3646f8,0x7ff88e364708,0x7ff88e364718
  2⤵
  PID:648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 /prefetch:2
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  PID:1028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2312,9037230819857873774,9780184192655776425,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2296 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22bb6af63c7710354ac7070e45ac988c

SHA1
34d29d6b316e39ed8fb8c5efb42c4269040fcf1f

SHA256
1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb

SHA512
42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62677bdc196e22a7b4c8a595efb130cd

SHA1
bd2adf18caf764c8f034c08b6269d9693875f3c8

SHA256
b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6

SHA512
d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
397f53f29a17baee00697ca31a738b65

SHA1
bc300bb2b7797ab6c948a77db2cefad1361d0f7a

SHA256
0dba79eb79d62dbf47c0a71d0802e2f473818740fd5869140da4dbfa54582948

SHA512
b2857d010ac2c15a16838ff92c50042ebf687e293f05bef559769768fc214032dafa75d0ecb41554122b647294999cbc41cfa3c8e3bf9f5bf8d02a32fc057817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
14ef5e8b2a88a0fa4c8458694cf65a98

SHA1
034c0d6417968ec702d0bcac9e8efd3ef195f5b3

SHA256
a072d63f98b49e67083710a6109e0e72669cfd2e8b0e07b39f528d3f78faba44

SHA512
44c2e87e9ffc707b5315b8a9e32e7c5d4736e960b33e322dfc760e560795f35fc1ade4e6ff8caf7f76fdafa6c8a7e0d3253babc4be878612e2f00f60ccb14c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
184dac1009b39be916d741a2f1e0abf0

SHA1
7f7b090b498abbca5ced159c285629579e4c8e7c

SHA256
dda0a585a80ac2f92abae6009512953ae325c4638e2d4dd2aab95b47c8eb1661

SHA512
389afee32da3743e0565ded640c89cfc6fc0975a3e4b3a1437692d4024acd9661fabe8af63be923591bc3693a51aa0eb6c6f3654a7d833787ce1805d52552ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72d4b2b6f07e3f4689df223b19f81367

SHA1
fbbb4003be525c14e40245cfde564521aa9da0b9

SHA256
1b90bb0ad0befc482c89c52288c57b22b740191897cf79a054f01c4d4df3a22a

SHA512
4925f36b2472779c5dc4ccfbed4755b91a52dc3f338b8802772e9e7b4ae70ed3b9444f23addcb104bb7a9338e2aa8425e6f18618cafb3a23c6a538000f7c7222

Download Submit