f9c5e09738030a561f929bcd805b1ba3c2e34f4b5c8013b2740045e5c44d94f1

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 22:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

14af7c2e330f6c079aac65d778b67b2c_JaffaCakes118.html
Size

7KB
MD5

14af7c2e330f6c079aac65d778b67b2c
SHA1

bc4636b98285190e0cd483493c9aacfc2b69e92c
SHA256

f9c5e09738030a561f929bcd805b1ba3c2e34f4b5c8013b2740045e5c44d94f1
SHA512

41d6472c9485672ff270240d6b99cd49f00b80e16053b0903c7d53474147799bd2d96ef7ff797c064c4f298f507a2bd709c5eda24f56048eaf8ee55b012ccfbe
SSDEEP

192:SE3yHRfuN5iaJYBJYqtuYOnYSYsHztXdD/MQvuEh:SZHRf59epzttD/MQvuG

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2432	msedge.exe
2432	msedge.exe
60	msedge.exe
60	msedge.exe
1620	identity_helper.exe
1620	identity_helper.exe
5288	msedge.exe
5288	msedge.exe
5288	msedge.exe
5288	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe
60	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 60 wrote to memory of 748	60	msedge.exe	85
PID 60 wrote to memory of 748	60	msedge.exe	85
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2704	60	msedge.exe	86
PID 60 wrote to memory of 2432	60	msedge.exe	87
PID 60 wrote to memory of 2432	60	msedge.exe	87
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88
PID 60 wrote to memory of 4660	60	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\14af7c2e330f6c079aac65d778b67b2c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff832df46f8,0x7ff832df4708,0x7ff832df4718
  2⤵
  PID:748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:2364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6008 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,15615165181421134368,17922595902222079247,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1880 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62c02dda2bf22d702a9b3a1c547c5f6a

SHA1
8f42966df96bd2e8c1f6b31b37c9a19beb6394d6

SHA256
cb8a0964605551ed5a0668c08ab888044bbd845c9225ffee5a28e0b847ede62b

SHA512
a7ce2c0946382188e1d8480cfb096b29bd0dcb260ccdc74167cc351160a1884d04d57a2517eb700b3eef30eaf4a01bfbf31858365b1e624d4b0960ffd0032fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
850f27f857369bf7fe83c613d2ec35cb

SHA1
7677a061c6fd2a030b44841bfb32da0abc1dbefb

SHA256
a7db700e067222e55e323a9ffc71a92f59829e81021e2607cec0d2ec6faf602a

SHA512
7b1efa002b7a1a23973bff0618fb4a82cd0c5193df55cd960c7516caa63509587fd8b36f3aea6db01ece368065865af6472365b820fadce720b64b561ab5f401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
7d6300e66a1a7b131719dd04b88da78c

SHA1
b5d37dce0fec639e17d7907dfa7aa2a2ad78a900

SHA256
e7ee7d7a312715eb1316843b55e403143e48f3fdd731ed6159e53fb408250e5d

SHA512
c15060cff5c5cbc74c2aef06b000604215cdc0aee5aa640e194a8d32ca6d07fd2e1c0dc9456a309528c36038498ffa6e6c4a010b46e42f651b1da1a300f03561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
643B

MD5
8f31d63843377bbcea032120a80f740e

SHA1
d731d19342216643556cfee30dd772120965d2a9

SHA256
9703433685ed6009373d77e07d34644ac7e4a0e3f994069e0a36bdae28bdd3a2

SHA512
88a85dca1a7ded82c07503f2802c01aae79dd904840bccc0f14074d82ec26e43f047c88a1a13e6500c35177bff5b13c5fd55e86fc63e8a9e18010687dd600fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
75b5f42cfde5c0d290520f22b5998a04

SHA1
4a14eef85fe22d64c5e2b6e0da4fcbd4cb0a313a

SHA256
2caccd3469e18e8be3a9d66d18f68d18c1e96da09f5fd72ef6248af189b7dd08

SHA512
33675550cbbcb5987bdc6226abac1f71734337a6eaa38a5cea82eab6a608a232a7e6d7c6752c535c9a7c9562d1de3c0aa111e544882810d5ed71ab66b6d3cbaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8e8e8ab48cc74e2331f8e4dbdc16c4d7

SHA1
081af1215867bac449e9edbfccbcd6f3e9e47463

SHA256
48b787e3ca98a526cef48f63e7990daf2475ade042a4ab726c71663312f96c76

SHA512
e747a5ae491985e5085392b3ac6f8d834aa9057d559c0b0fcefbb533b57a9eb9ac4f635078925027207d27c1f004c41b52008913288feec85893fe62f22c309a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5080edc282c71285f2ff6134d69f90c9

SHA1
671ae536938fd5a81ca094282f5f32029d848a1d

SHA256
f2cb0dd8004e13bea66642417d6d4ca9d19bffe00d2e37756033168421156408

SHA512
c1afed199b038f50e30417b1cbe049f4d4168659039a393aa69c6fb5c87f0986cea0a106f5d5a7ed091480193ba6b00bdd0109ec684ce69ceafdcd174036f3fa

Download Submit