c3f0411792206952fd61d680948bbd2a9b18b90948259c93c4f6c226ac1e74e9

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
03/05/2024, 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f78eb0d3d50f3028ddc301b6aae5b35_JaffaCakes118.html
Size

17KB
MD5

0f78eb0d3d50f3028ddc301b6aae5b35
SHA1

265ed05a9a1540a7e7c3e0e1eb69b56e0996d21e
SHA256

c3f0411792206952fd61d680948bbd2a9b18b90948259c93c4f6c226ac1e74e9
SHA512

7ae36206d9bb4156aafb06ea475607557037891c3e4252eb712a0ebeb08cee5916fde30cbabb604221beb555f028aedd9294f3109eb5ac9f8ef4500cdf3710ee
SSDEEP

192:Q0h7I6C6SEBJKj5eqDhGgEdAHYUsRtXSC/A1E453c0HY5GwkXijo2e+6YEJUJyzU:QY7bBeNpwr+jcyY5G9D2e+/MUJyzZG8c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5112	msedge.exe
5112	msedge.exe
5000	msedge.exe
5000	msedge.exe
4288	identity_helper.exe
4288	identity_helper.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe
3412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe
5000	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 4592	5000	msedge.exe	83
PID 5000 wrote to memory of 4592	5000	msedge.exe	83
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 3900	5000	msedge.exe	84
PID 5000 wrote to memory of 5112	5000	msedge.exe	85
PID 5000 wrote to memory of 5112	5000	msedge.exe	85
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86
PID 5000 wrote to memory of 1264	5000	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\0f78eb0d3d50f3028ddc301b6aae5b35_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5c2346f8,0x7ffa5c234708,0x7ffa5c234718
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:1264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:2844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:1084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2068,17370205437548920873,18355191103200071510,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4424 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
516B

MD5
1aabc32d1213338c11d80d0dc81b5e57

SHA1
cb4f549168cffaffa941467f7de961c0ceddf8da

SHA256
51ac7f40e54fcd0eeb99238727a65de8519d6599b74eaa58e946f16e56e574b0

SHA512
494715174be5ef5b97857132b33e21bdea4016d374de6b751cec7897585cde00a27f953aeb10b2e72d893fd2b4f70ab6cc319c963899317917f48eae552d3cf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d0873fb57550b844696b0c0e349ac9a

SHA1
67dd3fa8fe0ecbe9ca73d18b1045a674ab36b61b

SHA256
8ae854315036e1f5a0adaf03a09dc823da1e7da2e778178cc65ca2991b210869

SHA512
5fca9f4818351ecffe767bc9bc3e9e0f93bfa2fa43bcdd8412311cda9ab1055dc7ffe880e7e53ad751df3312c26ac88cfc3312ae5bde003853d4b2aa1f98d572

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6d55235692cfb87d2bba663b01fb35c3

SHA1
f99cff019063c37b87acd4227aa4dd44f051f147

SHA256
94a129ed71ce4ac17bc62aca726e6607e504d919e9641752db5531d3cc701a35

SHA512
2a8324a44252d36f1c9419b2b1522981600e2bea83bbafe98a5141aa3d55aea7cfc867ccdc561d74fe580f8deeb0c677e780dfc3c094e4a7867ae692bf02247a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8c4b354489199cc87da47c27cd7a880e

SHA1
ac117648a7f4852d9cde5feebe9d432917f12077

SHA256
2f7998d3f64fc869c277f63177874634705dd45d646429e08b2f1582f3ccdb37

SHA512
648f8fc76b45b8baf66fc298e1d6fd72a31c476e1b31e0c9aa2e95a15732b81153253582369b64c802fafa6ba958cdbd042f2559ba7fb5bf1da88b2f5e4cbb97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f070aeaeaa1c77fb015815718fd92751

SHA1
25f8922af3bb0f3d9c5705b8e933446c7e326cc3

SHA256
c9bd5caed482ae6c8d4f071f36f81cc1caa538b6c77aff50515f359847b7a361

SHA512
b1935184d115fe5faa4f1764af67ea5d328985c75bf2ccd09887b48cd91454b042bb5420d265370d96fd7e02654c2f0fd0cff4dd907f5a8ba5de488a6cf58981

Download Submit