c38e1ee267870b85f1bddd07e252fa7157bb10bfd4d491d1a9f3587bad74f2ad

Analysis

max time kernel
145s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1719ef4bf355f9e2f5ae0061f8fb261a_JaffaCakes118.html
Size

45KB
MD5

1719ef4bf355f9e2f5ae0061f8fb261a
SHA1

5d346e382ddb225428056b5b61a380421864540b
SHA256

c38e1ee267870b85f1bddd07e252fa7157bb10bfd4d491d1a9f3587bad74f2ad
SHA512

a305add08c59c4517c1a6e779d8d26e6ac5344066642f383b2304b2e7db1d30a2505764f88cc8cb44e70502e1b317964671d6d25b6a9d3b4aa4be2b04087ba54
SSDEEP

384:xQMIxxx3UNqIzOvHtao9oL8TwEh+dgCgLiwKgSHfy9YosS3knyh+ikS3wnDc+UT:xQlxHs8/+dgCgLiwKgSHa9hkny0+wn9A

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5408	msedge.exe
5408	msedge.exe
1904	msedge.exe
1904	msedge.exe
3740	identity_helper.exe
3740	identity_helper.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe
1904	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1904 wrote to memory of 2644	1904	msedge.exe	85
PID 1904 wrote to memory of 2644	1904	msedge.exe	85
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 692	1904	msedge.exe	86
PID 1904 wrote to memory of 5408	1904	msedge.exe	87
PID 1904 wrote to memory of 5408	1904	msedge.exe	87
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88
PID 1904 wrote to memory of 4640	1904	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1719ef4bf355f9e2f5ae0061f8fb261a_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f3b46f8,0x7ffa1f3b4708,0x7ffa1f3b4718
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5856 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,1498744143770615032,15966171767680921616,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
184B

MD5
45996eb12c5b1a531a2d9a3f56b913ff

SHA1
c61935c0ab773fc8ca70f30b06620bd6e304c092

SHA256
9f1f531b5d1eb3c957e2a57f0d59533bd7bb5da6f59e230b70b1e942e6dcca33

SHA512
06455d33c060be6c22db298dfd4585f15d853d471e7ebee67e35c7fd2526261e400ca536cc3e3b3acf32175ea3b8ed41ee1c0e5bd3fa811e0217d1a078af42da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
fe795a5e0e221c96fa0bac1a13e79525

SHA1
e37103231e3a34972be60cba3bb38a64d0bc0799

SHA256
f60c0f48215421e8925b6e7b1e0ab9060e6dfe5f5bf5c18e04466d2d8431db65

SHA512
8bb8d25701d519ae89823a373e56fe18015eff69e818580174493d2b39cbf3e6670482b5012ffc1f80f4db72fd32ff8c612d6a46732acb19201f0775168355b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d909754ed8e55a087d7d3119934dca5

SHA1
18b4440275e24f10d8120c295a51388870c73788

SHA256
1311d654abefdba598d72ca0d28a43c6c5103dd23148071c4c8047f329c97461

SHA512
d77e19732cfc8bf654e212bed87fb5ba69dabbe1ca45991af70b02461825f5fafda37b46bb302d3bf3a39d897b3677a4bf8a9be85bcb5c021bfd171a8f8cf000

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
64d084845251e43331c462cc75c9eced

SHA1
0fd7895b927dd8935a2c49f907eccd2087b908b1

SHA256
0ed20e1d721e6a851a6ce5316d9e965b2a8781b273082addb4d12fd8775b20fe

SHA512
6c0f83c30c2596083d8a97e0565bc450d0a396282c1b1dbe0dac5dcc3519acd1ecfad33c3add22362d9142aa2144338e499a2add7d8cad78cc7694a6468524e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e3dadc8df96ac8e1119d92dd9dbb5dd3

SHA1
3c13848e0474f920c8d7cba8f5b2bb5432e85cf5

SHA256
969ecceccd7a9bf6b9310e2148b0a223794a11bd5b6a9abe2cefe30dda353a7d

SHA512
f17d8d63fbdc379117e63fa5084911645f3dabf3cd0fae34671fa02824ca6650fdb38656d99539e320b6c467049372257584457b749ad04e08fe67b364623a1c

Download Submit