5f9a4fe3b812dc78adc0114d73d45ba02ecc0d8925e1b2f6b8288ccd6c8c371b

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
01/05/2024, 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0cc5987fc44e1821aaadc481c0db08f6_JaffaCakes118.html
Size

242KB
MD5

0cc5987fc44e1821aaadc481c0db08f6
SHA1

f14b2d2b346e96822e7697e3581a6cb2d9eee537
SHA256

5f9a4fe3b812dc78adc0114d73d45ba02ecc0d8925e1b2f6b8288ccd6c8c371b
SHA512

fce6925fe807996df4a2a4207d283403c730b8fd3e1d8aace03164909a8ae628f3662165f67a13f8e96f483e213b930637018a3b89fac37f3ae209c42e1783af
SSDEEP

3072:tjoG2eD8EtrhB9CyHxX7Be7iAvtLPbAwuBNKifXTJ/:ge9Rz9VxLY7iAVLTBQJl/

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
4584	msedge.exe
4584	msedge.exe
1360	msedge.exe
1360	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe
3544	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe
1360	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1360 wrote to memory of 3904	1360	msedge.exe	84
PID 1360 wrote to memory of 3904	1360	msedge.exe	84
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 3768	1360	msedge.exe	85
PID 1360 wrote to memory of 4584	1360	msedge.exe	86
PID 1360 wrote to memory of 4584	1360	msedge.exe	86
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87
PID 1360 wrote to memory of 4684	1360	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0cc5987fc44e1821aaadc481c0db08f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffac3a046f8,0x7ffac3a04708,0x7ffac3a04718
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2056 /prefetch:2
  2⤵
  PID:3768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2408 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
  2⤵
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,17705706068653790673,9652220156355120679,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4796 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2012

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
478B

MD5
4320106166be7d1ede4c5eebe87c72f9

SHA1
0e220f8b6194089bbd976ec9e69ec57ac06a2139

SHA256
c13e2e2338f550d114622fffffdf13bcbd3cdd4018ecf1184c4aa568e79c1673

SHA512
ccea3bdac19cf18f35d948953e8e290c2106c5ed90c46fb387a5914fe88d55d86d5bc644b4a6a2626263002891e09beeb2befa70b929c06430df3c60ab2e8ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df210331fa63036fa0133043467b0ad3

SHA1
842374bbc3ac13b872ac8ce7d3b03d1ba5d2a945

SHA256
8ba793e8bf509d17ad96db1065e2762ae087d3369db9a668fc912f169b71cb16

SHA512
7f5b64b8ba2f3b5bc308a1bfc73db10601177cc044d42b95edae6f8226affdc3c6673c769f858d72f50aff4b7ea6ff5e675bcbae935a4a144da9b7d14e4c2233

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ad72a8cbea18ad9d76f54fce1f154d1

SHA1
d7e78778e2efc22f5cf4fac5b52f9369fb6670fc

SHA256
43327d230708f3a11a4e13dfa87f616144d55bb75a83e10f0a80e2273529cff4

SHA512
9f7c8131696171e4d07f848034e36c7bf3aa755088dd163c32220b123c52c8cbaff2266edfad5187fa08946f2069bba70832cc47215b663c64b2724ee8f6736b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
918d6d495f094828d7df1580adc021eb

SHA1
ac7a539757ffc3f188ff5120b97f9876eca127ba

SHA256
4ffd85849f0ff122f8514f16e68f43cf23dcf1c8f725bc021e08c8ed3c665e67

SHA512
ea77cdf2e37befc612e610800adc97f949b13181f569916c50fb79caef832fecb0b4608686c44ec9f6fadc90eea234cf3c8d79ec01c5b317caf530efad0fbfdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
60a69fc462fbe10aa19371200796cb65

SHA1
2de6c77580758dc8f85fe7c113d0b37d458bc04c

SHA256
4fb2cfac35002dc48f25cce7c1f35e81529cc376aebb2fb0f40b93a63a0d71f3

SHA512
8c9e6a808dd0e6fba38de2180c7816b2849af24060d9bfc8b9922dc3e50ee6136bdd77cbd3aeac555fc43d6ef6fa0fbe87c769f8079ff06d3ebf99d8e8bec2db

Download Submit