39c0b11df2c89df38c51f7a5dac7247675e1cd9f8bdfa40c4a394528f718c40b

Analysis

max time kernel
146s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01-05-2024 18:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c7971d888c2fb9ff1f4e866da23958a_JaffaCakes118.html
Size

19KB
MD5

0c7971d888c2fb9ff1f4e866da23958a
SHA1

08c93cae2c6e1c9e8c4594b479af4fa679a04142
SHA256

39c0b11df2c89df38c51f7a5dac7247675e1cd9f8bdfa40c4a394528f718c40b
SHA512

b6b2c484418b9c6a51034ed925a7627d7e878c3433c13b1f250c515e29b3366c217a7dbffb97142d03d3b2a8e4bed830a374196e30432252c943c3cfd9761b1e
SSDEEP

384:09jiOTCiTH/jIB9gfOoLLHmDE+S/pJh2G2MswYBo2Ns7YlRS+a28+Im63HrhKqk:0JzjIPg/uf+v+Ir3HrhKqk

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1564	msedge.exe
1564	msedge.exe
468	msedge.exe
468	msedge.exe
3176	identity_helper.exe
3176	identity_helper.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe
4804	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 468 wrote to memory of 900	468	msedge.exe	84
PID 468 wrote to memory of 900	468	msedge.exe	84
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 3284	468	msedge.exe	85
PID 468 wrote to memory of 1564	468	msedge.exe	86
PID 468 wrote to memory of 1564	468	msedge.exe	86
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87
PID 468 wrote to memory of 3424	468	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0c7971d888c2fb9ff1f4e866da23958a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff95ad46f8,0x7fff95ad4708,0x7fff95ad4718
  2⤵
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,14126627300719755066,6052304973650322221,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3184

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
628d9b34bcf7f8fb3984ce76ea85eb8d

SHA1
406ac8874385ae839d7c869597fab3ff023446ba

SHA256
ab86ead709ae69b9ed51a0387370ab05c5e3e521bdb8c796fa6cf793e405c7d8

SHA512
6220b1cfadb976aaa0cc17a651caf9d431abdde5a551471cf50b5aab3b311aacc630774e9a5f5795f7d8d395ca9780c37d00e675c2dccab4bf852e2bfbefee26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1487156e6dbb2f7744b871525069f86e

SHA1
8b617cc33174b638e61811c1aee7e0645afe4688

SHA256
d74e43e20a7b6ce34cfde6d4d933cede51e2cb343f3aa2bb28b0b088294e8cce

SHA512
825c8d41e12e9034abb7f293acc3419ed54205ae77b90c6f0cca1ef6939ef9cdcf7963c603e5fc62b9e98b62c204c1598eb9c90e8ef82aa87734862a026ad17b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd8afd0a0319eceb714faea2b92042f1

SHA1
25ad5ccc2035fb2a87c9733de0e2f66840413fb8

SHA256
9307584884ed89e490fbb19b481f6003b7b71a026d3e8ad9236caf8ebd9f3875

SHA512
d50c332f7fa4ae0051c300a2052d116c5168c6a7a4f3606b548befbf1ea09f870256688d9469c2da01ca38ff67061e99833aa55cb86e7e11cb41fcfe0a31865c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b7747a24cbcd04e83170cfabc92cf83

SHA1
b5e7e23e63a41ca74cebe9a2d2c6d3016f86537a

SHA256
121eb5c41633777e048e371c69622d3d5b7ce943e02a8407283d8fb6aa96b5c2

SHA512
13a44914bb8f2c6b9a190bcf8c0c429dd92bb7f7e1231a8b9e22eab59accefb1fdc9d3f6b433ea19ea974d2d4db0d565726fd6caf4439b54685767ffea3f7510

Download Submit