deb1015380786b2366b8cde9600cdce00be3e31a89c9dd13ce1a8f59e2ea999c

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25/04/2024, 22:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

002cf1abddaf738b3988495480f435d6_JaffaCakes118.html
Size

246KB
MD5

002cf1abddaf738b3988495480f435d6
SHA1

4cbd2e90263aec12e98cab6aec9fbca3d9e64257
SHA256

deb1015380786b2366b8cde9600cdce00be3e31a89c9dd13ce1a8f59e2ea999c
SHA512

0dc238c71c94d81ca9068b0af19be6063b3d5499c42616e4cc9d966a10ae21c985b61edb999a5aa3ddae43c06dccdfc36fdcc21a334fe971a23a147530229142
SSDEEP

3072:2Gb/aOuxpVY2Jxif4JqUKw4T4ibkp7QDRvBMru+KnDfM3L96bnmVas/O7SkuH:WxY2Jxif4JqUKw4NDPmVa+r

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3568	msedge.exe
3568	msedge.exe
2428	msedge.exe
2428	msedge.exe
3208	identity_helper.exe
3208	identity_helper.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe
1980	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe
2428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2576	2428	msedge.exe	87
PID 2428 wrote to memory of 2576	2428	msedge.exe	87
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3416	2428	msedge.exe	88
PID 2428 wrote to memory of 3568	2428	msedge.exe	89
PID 2428 wrote to memory of 3568	2428	msedge.exe	89
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90
PID 2428 wrote to memory of 2432	2428	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\002cf1abddaf738b3988495480f435d6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffedb0046f8,0x7ffedb004708,0x7ffedb004718
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,11657012227976317516,6882931066159133502,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5644 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:468

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d94406b964753cc5222ab1343f54bb1

SHA1
a5e7de0781fa1fabb3cd89564f2e5693cb4dee16

SHA256
fd9923a217cd8d2c44a63dbfe52ec262e7c80b1f1e50c6e0f21f8379c90e7762

SHA512
1ad2c144e7bbd809f400f8782586d3768fc82bcef39db986f766897c344efec77ab2c0b6d9c5ee2019ef5cf9ad0c46bdd25392cbc9dbf9ea80e800577f0fc598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
49dde89f025a1cce8848473379f7c28f

SHA1
b405956b33146b2890530e818b6aa74bba3afb88

SHA256
d6d125ba686b825bb22ab967a346051780cab1f55fc68a2f3efdf3fb5598f96b

SHA512
53050344674d8886db66e25f42d97bf46b26229972631f857286c2a303897cda58d85ee8ca768bbfb1fc07e52567315ea85d57e39b5b382916700ec389946506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
da16bc74118b2f9f9f635369d02daf64

SHA1
a8a564a423407731c23f2694d76e942e7da7734d

SHA256
e1497943e8c15edaaf5ec84e2801697ecfa1ab1e4f453a3883e7a00288f043e9

SHA512
f019ad4ae0a17ea544d0d1861e248f1e3e0c575a51e4fdba1bd15af8df2ca0af904f43691f980f5065657b05bd0bd5689bd644221c419d657535f255dbc93b46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f770421c90be74f4af76a5b1efe4e7ee

SHA1
fb01766790f6873769fa447d08754ae667d20f1e

SHA256
a1e33f1bde1faeb0ba92be626cd24a415728c1f7fa8fc799b4a48b17ff0a4958

SHA512
3d1ae0c17cedbc1feb62969e087ae3a9c70844eaeba03ba82bfb2c2d4ed42bf81337698a3eec594e702bd5c2fa248042212ad16f5a8a8144533a121afd9199ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cf92b6ee71a013717f23c9839b6e7516

SHA1
e81c498378b8933f571b3e89a3830352c61265c4

SHA256
e0ec70d77d59bab2466d8e8a0af8184808490f2c0575d84f53d530ecfe158e5e

SHA512
ef43a668ce17323f800f02031462c9f403e1180664210719269b235fbad4525e9cb250f822fbd54a75ed58838db95237891e8a683e1cfcc20cb2445afaffd227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7c43199d1e5acf5a31e1cbef990fbc47

SHA1
df7bd524b9b3175325c0aff3469ea7f2211d3061

SHA256
52a6fd2a2fff53c738c77a6385e7e1677f8990781699f78c63d5a4b0fe566d22

SHA512
aae886642b40ffb0676534fd85abe43ab588526b8e952b12a1bcafc73cb05103c76aee4fa32cc18c74af6c59aa1dc84bcda09ebccb7d11adc79fee3bfc93e2d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
d4c3f0b3bf74332f5fffd5e923dbda01

SHA1
4fb19b508dd150644afefdb5c3534981af5b206f

SHA256
aa7e4e01e52605bd11fa9a2dcec18399824a50c6f49cfeefa29097d97ca06120

SHA512
c5538dcddf6d2ef7546f59238770741182802821f73ee5566507f68be0b939b71873ea886de74f8dd33d2d92579bc5c3a04aaeacac3fb74bb9587dfc9e7293d5

Download Submit