7826cf72db29d06183a94640a62b68fb4669dbd084ad1568af8e3ba0872f9d4a

Analysis

max time kernel
141s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04/05/2024, 09:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1215abd41ad47a95fd45aeb062fe71ec_JaffaCakes118.html
Size

122KB
MD5

1215abd41ad47a95fd45aeb062fe71ec
SHA1

c5054f3d017845bcc6577008b9919d89c9c3974a
SHA256

7826cf72db29d06183a94640a62b68fb4669dbd084ad1568af8e3ba0872f9d4a
SHA512

74f35958ff0728d7859a130a67be7521387d790418a44ea146b5099975fde2ee5dc70f4b8c81e6ef70c0ea08d64698d7797d984b3608249d807f1549acd81d49
SSDEEP

3072:S9H36AyMmhPyfkMY+BES09JXAnyrZalI+YQ:SJ36AyMmhasMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1448	msedge.exe
1448	msedge.exe
2456	msedge.exe
2456	msedge.exe
3968	identity_helper.exe
3968	identity_helper.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe
2456	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 4112	2456	msedge.exe	84
PID 2456 wrote to memory of 4112	2456	msedge.exe	84
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1652	2456	msedge.exe	85
PID 2456 wrote to memory of 1448	2456	msedge.exe	86
PID 2456 wrote to memory of 1448	2456	msedge.exe	86
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87
PID 2456 wrote to memory of 1400	2456	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1215abd41ad47a95fd45aeb062fe71ec_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffca55546f8,0x7ffca5554708,0x7ffca5554718
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
  2⤵
  PID:1400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
  2⤵
  PID:3828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,803043590665918494,5156305044188370546,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac2dd5664ea1131ebcffa50dfb1b9f31

SHA1
aab909f16262ed7727b7758bb8dbc77ca6855b8b

SHA256
e9810c37dc57fe5426a9430ad6070aec3481572a94ce7ceb86a88c26cf6cc2e1

SHA512
dcac63dcdf0585afb80e3c361071cce005a6dcf3ae83a209f509a954ef9de07c886efc3cab47975b15eceb3f1ff855533b07c153ecfc654bddd6352180ab8a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d46f64272956fce42e41ed0206cf1190

SHA1
ca57973613fa72c8b831ef5ebf51b087b36b49e6

SHA256
5ecaa91a553e100b84c1c508065a4b00db8bf94f5f27359c4f71ba47cb34d99f

SHA512
969c707bcfe8101ffb455e2440c104dadf832d23122b64a6b444f22e28774006313bfe2ee09e8f0bb8a7047e95fddbde80d8666e7c63391d2fbfdc2015e4de6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5d9704d1527d18bd3c9056175da72046

SHA1
1693eda45145400cc992e3bf16b7189372267ec7

SHA256
b13742db4f6840ba9eeb5de06a020282644283342fb62c3b78b29f02ab4c5a83

SHA512
284606f77c49d033b4a0d9154fab2b869004593a71b5f965f8f87cfe8a1afde8ab5afb612779c03e1a02deefa28aa3e20f9147406c361c9fb9b8dd4af093905d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eddeee625ceff40666e7edbd7a221bf4

SHA1
3e75be4b13b9ef8848c61455682472a583da9d4e

SHA256
1f8408a83dd9ae982644f428abc845f60a14908954b1cbd4f76178f4dd1ad6fc

SHA512
501987b765dbe282b8882283313da05677dd7a5a42ae802620b335b2d6636436fa5bc606ef9bf191e546efd9d3b2979a331493509f4b396496ea92f0735c555f

Download Submit