6e31a5b7e9b3fa93b8830899f42f8385083eaa5b8ba9a0e3f6ef9d46b9c5a794

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 07:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11c297066824ace9b3efd159008c77b5_JaffaCakes118.html
Size

36KB
MD5

11c297066824ace9b3efd159008c77b5
SHA1

74c90aa374bae409722c61eb7e549dc3128ffc15
SHA256

6e31a5b7e9b3fa93b8830899f42f8385083eaa5b8ba9a0e3f6ef9d46b9c5a794
SHA512

062e07701572b8804a060b2402e2a8313be4eb13cd3016beb62bbe9b621da6350b454f8ed881a6496067d87470bedfd7dbbef2a144d792a0be3ee6b849f353e1
SSDEEP

768:zwx/MDTHcm88hARrZPXKE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOZ6u3l56lLR/:Q/bbJxNV+ufSI/i8/K

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4304	msedge.exe
4304	msedge.exe
4908	msedge.exe
4908	msedge.exe
3848	identity_helper.exe
3848	identity_helper.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe
712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe
4908	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4908 wrote to memory of 4072	4908	msedge.exe	84
PID 4908 wrote to memory of 4072	4908	msedge.exe	84
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 3020	4908	msedge.exe	85
PID 4908 wrote to memory of 4304	4908	msedge.exe	86
PID 4908 wrote to memory of 4304	4908	msedge.exe	86
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87
PID 4908 wrote to memory of 1996	4908	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\11c297066824ace9b3efd159008c77b5_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffb17e46f8,0x7fffb17e4708,0x7fffb17e4718
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:1184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,15767976306335471755,13900173319842121699,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
34ee7fe6598cdb916b596a70ad6dde27

SHA1
610d32154d2ecf2e7760ea7ea6772ac66109a5e2

SHA256
c3f8e695be40aa8716e592ae3efbaf9d4001cfdbb0313a9877eb31ae80630591

SHA512
65741e58e3576eaba4a7937f4180fad42af4fb51a5c048bb042ff9ca29fec3d811f89ef6549d7a98cb167db4931ec5bc6a6ec1660c4a488c1d0875a40d9281eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a8964a3563c91eeeb246d262e4113156

SHA1
e71f12d94479e5926124dc692cf1beee866b5bb8

SHA256
bb160790044ab806e17de003cb92080da74a908d1467fbb051975c3a1395aa4b

SHA512
542a2e3b713597b0bb14457f581d2b175f7b14162a88fdb77d52fd9a3edda663c2dfcb12c3ed8380a42819b67e6941ee789ada6be059231e41840f74294fdcdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a515d283bc1c2df95a90bcb5966c191d

SHA1
a25f52f0053afa7197af17604ad83c25254a0d45

SHA256
95c2808ca143e9f2a01ce48de823b24195bc6d91d5fe3b396e300cf0c54af4c7

SHA512
3ea855f438c7c30c8cdddf6da35dc72961170cb64cc2ec9e8947efd6f03b0f48985963177e7b75d49e5202022efef9603431d872c8c150387504dd2feead8b93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7831bbb06305c4881012ffb629a57129

SHA1
5ac4abafe42c14f2b8f3c43677c7f21a3f2052b4

SHA256
35e19624223f4ca9605716a98372fea0c9db923b3e51ea526896bef64bf0f4a9

SHA512
200452b03ebb02ea12218dfa59cf6d52e0b5ea968d55e25cced38f559cbd209d870eef70a5d78d8d1586af3dc83725810420fe8ce863cbc1ac5c9885ae54caf3

Download Submit