169f545e821869fd37d679752331240dc8fbbfbdf6d13f357aee0e1498a342a2

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2024 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13f5ae72e2314ab59352437776b749fd_JaffaCakes118.html
Size

42KB
MD5

13f5ae72e2314ab59352437776b749fd
SHA1

abecee1290fd90a63a1156936526ee1fd282d75d
SHA256

169f545e821869fd37d679752331240dc8fbbfbdf6d13f357aee0e1498a342a2
SHA512

58759b809d6a2cce61e94bd46e51f0837eccd6500c5546c0ddbcb2ab01e3db0616b81bc0313567b3bcfc319533d6ca34b1c6acf50cb601c4617f4e00b9ab23e0
SSDEEP

768:efqSr5mtVvbjLsmADoT2MX7LSpcbcWrQBAy:efqSrcVvbj/X7LSpcbcWr6

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4912	msedge.exe
4912	msedge.exe
4544	msedge.exe
4544	msedge.exe
2660	identity_helper.exe
2660	identity_helper.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe
3212	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe
4544	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4544 wrote to memory of 212	4544	msedge.exe	86
PID 4544 wrote to memory of 212	4544	msedge.exe	86
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 2100	4544	msedge.exe	87
PID 4544 wrote to memory of 4912	4544	msedge.exe	88
PID 4544 wrote to memory of 4912	4544	msedge.exe	88
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89
PID 4544 wrote to memory of 704	4544	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\13f5ae72e2314ab59352437776b749fd_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa3a5f46f8,0x7ffa3a5f4708,0x7ffa3a5f4718
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1792 /prefetch:1
  2⤵
  PID:4720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1360 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16332251410370361053,2146009927018936336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1744 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3ed775a4-af96-4e9f-9ae2-3cd5618697c1.tmp

Filesize
6KB

MD5
0f82bd803a180c18ddfc34c4b895e828

SHA1
4f3fdd27b587ea09e22eec09ba438eaedf46af7e

SHA256
4492a76a2271473b4d010f423af58bde39317cd09cd1e5efbe2ed51402b76004

SHA512
0b821fb27880a9c2564da2a9c3edc9e4c488260f6c5438bea190d6b265898f8623e08ed542b329c66d4b5cbf1cae31d0892a64bc2cefba62a10acd6d8b878c0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
391B

MD5
7ef96453e29a8598ac76c224affa1943

SHA1
d630b0251efe9d450e04ff16f6edc7758cd4c2d2

SHA256
f8123ed247596a415322527b2b6fe4fd271a29d7bc4c8833a14a5ab435f7fc42

SHA512
2af545fa9844a3df0d10d0dad69bc8710021e9a31912eaf71ec76a0d2ab89aa5cab8ee8f3315b953c5e2f950976989df5e31a545166b82cd8ba900cd321afb7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3f02cd903fe44839ab2756ae147fbaba

SHA1
14e7537188ffbfa15d957303bc9855b803d460d3

SHA256
79f7fb3d848539e6df024ae9a67f0a4624a53f7b4d571aedfbc58ffcca249160

SHA512
0d2f0c860cafb0bc9785ed763012f53107327dc3462d20a3ee020da0395fbab60cdf2a8ccef537e7081f01e6f28794d3bb4b66f55ad808f4b7877d55bf9c8abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c37537b0cd0910e5f4f54a257424e932

SHA1
84f700469fef4c6ee8f4c6f27b5aac85a41cf160

SHA256
afcbc768dd8f04fa8ad88f477a389690965a9e8c0b831c4e6354578d8b2d75e4

SHA512
17b03a62d911869391f46b4d63a4e09331a90105633099e78c57b3ab77c6380380af7b38b32059e119ecea13a5fbfb19053b8fec64f67fa44896f563c9cf4810

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37f660fc6da3ea8bc35595bb5c6653e7

SHA1
f373040765846ce94168f1433d21e57594c6fe50

SHA256
2c04b423daf487a5a6cec7c1954e558e85ddfe3cb3508faf009bff607778de76

SHA512
1e9445314e5d30404b59f8277435fc1791a3729414f8e6cdab8ec1d7735a96d9ae998221da4f033c3c449074bae536e301b8683b6829b79176471c4cb9089896

Download Submit