a97f67b402713ecad09e384ce97fb0969301612d50da9b3bc6ae0293436a1755

Analysis

max time kernel
145s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
05/05/2024, 10:38

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

174b3fb7aaa4f33faf461fd208129c34_JaffaCakes118.html
Size

27KB
MD5

174b3fb7aaa4f33faf461fd208129c34
SHA1

41f8733c4fc2ca1a789915cd78999f95ae6750d7
SHA256

a97f67b402713ecad09e384ce97fb0969301612d50da9b3bc6ae0293436a1755
SHA512

64e53044cfb5abf19ef5f082b6ff011dd0bebcd1fcb4ba3f1ff8699166af8ad084c80d24bfbbe4c55a8c5a2d1217d3ca258a7d804e9179eee7a111ede0136e03
SSDEEP

384:37d/T5b4iz6kMTq3rkFdIYsKO2NhWXAaXsCzSk8zRmLbchhXgNStbwVbSWC:Rtb7rMTTnm2NgT7zSXRmZHbSWC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2768	msedge.exe
2768	msedge.exe
3644	msedge.exe
3644	msedge.exe
3728	identity_helper.exe
3728	identity_helper.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe
3644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3644 wrote to memory of 1160	3644	msedge.exe	85
PID 3644 wrote to memory of 1160	3644	msedge.exe	85
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 4780	3644	msedge.exe	86
PID 3644 wrote to memory of 2768	3644	msedge.exe	87
PID 3644 wrote to memory of 2768	3644	msedge.exe	87
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88
PID 3644 wrote to memory of 3052	3644	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\174b3fb7aaa4f33faf461fd208129c34_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc923546f8,0x7ffc92354708,0x7ffc92354718
  2⤵
  PID:1160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:3180
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,787998402855793718,3264140385573278139,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5712 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2a70f1bd4da893a67660d6432970788d

SHA1
ddf4047e0d468f56ea0c0d8ff078a86a0bb62873

SHA256
c550af5ba51f68ac4d18747edc5dea1a655dd212d84bad1e6168ba7a97745561

SHA512
26b9a365e77df032fc5c461d85d1ba313eafead38827190608c6537ec12b2dfdbed4e1705bfd1e61899034791ad6fa88ea7490c3a48cdaec4d04cd0577b11343

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fbe1ce4d182aaffb80de94263be1dd35

SHA1
bc6c9827aa35a136a7d79be9e606ff359e2ac3ea

SHA256
0021f72dbca789f179762b0e17c28fe0b93a12539b08294800e47469905aeb51

SHA512
3fb0a3b38e7d4a30f5560594b1d14e6e58419e274255fb68dfe0ca897aa181f9ce8cb2048403f851fd36a17b0e34d272d03927769d41a500b2fe64806354902f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
659e0f8a23fd418812cc6c275248b82a

SHA1
791b746589b2203f12a01c74a2763a138df40ca9

SHA256
69e56bd5b1243f92fe467ba7f15428969eebf5dd9a2db35098e98dc82a964870

SHA512
08f33118f197cc0009d8ac7bfdcd83a61c7e6a15631b75e9bef7c41882851936d44a5dcbf64b9272668df99038c4293145439e99d81ea1f2eb5fa05ee429e1fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
914ebbe1eafd85a12abdc14a48f93ea3

SHA1
7213e28385176992944fd2b2c36a9c56d67b875c

SHA256
6249d8c8eb267ca9c5a3651109c23ee46a67c4f71a1c52cc0871ad535beb6252

SHA512
17df52881d821b9302c542412a514804b1aa871e920e06806933f07eb476a083e6832c0167e599e057a9bff921215d2057cae39271a7198ef1276c2ae2f9e754

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ccd13721170cb38ed33fd48394b82901

SHA1
3db9a95cf4f961b372a452ab6c9ab80e0009c85d

SHA256
aae56b01d91e36a8f2e2b22937567653460540bd2b7cd5c3494e7e6e4f883e28

SHA512
56feee373be15337c6e3052d70bd9af2298f586fbe49b0a0145a37eeccb4b3f22e57004e70218b5f7707027cfc5b8329251fd759c16b036517652fa0ee883f34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
57c22f0122f3128956908325edec1eef

SHA1
a7e595095ed1c8bf7f8aab2c450a342b74d14679

SHA256
9f96bf5ff3a6fb0a0c3dd5cf3e21b31ade70fcd9e63f7c3da4239d52e4d01896

SHA512
9bea4ddc406b286bb23510663008d42f024982fbfc69643eecf01f61c793426e26dd18d71f9913a79dcbe3b42411dbe093ed5383a3e7ec3b101d2278355162dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cdaa33f5e9d6346be8ae7c14f621b4d9

SHA1
d0f850c8a31a567b3d598f940354cd302b1cc760

SHA256
f696ba5ea65fb224e01d41248f740665a2eb576dca54c56ed4afdb2db88f68b7

SHA512
08a8a9af21e9caa9e673ed6b863635e4733da983d07a78f1f663b8fe7a7ff857b20e5ad549507884b60be3da97b24a4ccc72232704e0a97a9673d3d155923e66

Download Submit