fc80ca6381c55bb2f6e1ca4209f4450d17d64d524f50c7b3f0286e992d28e6a6

Analysis

max time kernel
145s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07-05-2024 00:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1ee2c6d394113920ef20217fc200a05c_JaffaCakes118.html
Size

50KB
MD5

1ee2c6d394113920ef20217fc200a05c
SHA1

8235837ef3a336a238b654ddec40e13f0c19ba5f
SHA256

fc80ca6381c55bb2f6e1ca4209f4450d17d64d524f50c7b3f0286e992d28e6a6
SHA512

d5ba2b0392c2248bd6bfe1a044e58f50ee72b80b040ade709be9627b103d5855067012346a243e40c5f7824ad90123709b36258d7b5ae14ff4330f1a6769a25d
SSDEEP

1536:KVc80qkPTzLTmp0rqrNMjrbrHAdSctsM8Z0NrU:yc8CTHTm9dSusM8Z0NrU

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
5320	msedge.exe
5320	msedge.exe
1156	msedge.exe
1156	msedge.exe
1764	identity_helper.exe
1764	identity_helper.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe
5504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 4224	1156	msedge.exe	85
PID 1156 wrote to memory of 4224	1156	msedge.exe	85
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 4028	1156	msedge.exe	86
PID 1156 wrote to memory of 5320	1156	msedge.exe	87
PID 1156 wrote to memory of 5320	1156	msedge.exe	87
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88
PID 1156 wrote to memory of 3252	1156	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1ee2c6d394113920ef20217fc200a05c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa1f8c46f8,0x7ffa1f8c4708,0x7ffa1f8c4718
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1828 /prefetch:2
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:3656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4664 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1836,17286360038373764255,3956449889639721085,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2204 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
628B

MD5
9e49917da51567a16595f53567529410

SHA1
c82573e30a899d584a13bc5abbf98976d1845a30

SHA256
d143ccaa80e53045115b498c192931091eacc221927755cb97b435cea6426223

SHA512
e0304add351d564b4538168f4e03b235c6b7f55557ff8d6a1a201beb4b50ac6c43717f543494ace7ef1b3424309e0f5de4e54798f39c7b97329bf0abfeb87312

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6be337a6e9555cfd3f23a4015e58f448

SHA1
8d1feb294880d0ba4b086dbf87dad3e51a299040

SHA256
e3e243c1d70ae8c764939609a2dfbec23f964c23487af3a1c6d845d28c20ccd1

SHA512
8c2a3d03de5acf2f235e37d9ffcaeacab2aad0b75b6f814ffcc944f7ee2769be081d9ba6dd027a07397cf9bed803eb811b8d513c40e6608fab0545cc4cec7131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5209a803a52208193408330d74b4b6bb

SHA1
484285ee15a4e2b34411be5531b8e8191a42b5db

SHA256
753a73b915809ef6f8ee91c5c9c5f74a3b28c8d03a87ddcfd8ce0f03abcc9724

SHA512
7aaf0f4e58bb62427ea7e3dbb604e5d4525759b39441a4ab19dffc52f0494388f6ade7e88378109d7529ad2e5f0c9901d1bbdad8064d84b7bfe6e850a63d9221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c643816c28ec7770c9843936e207d8f9

SHA1
c15412df664a578de4716daa3779e90c87a33009

SHA256
3839ff074ad159f0ce077f791016b207aca297d3c03607af109e64a5e5aace45

SHA512
4915a903bff2111fb790c6921a123b042b1b21c10195f145fa4724c65361f22923b872ccf11e214057f918d71b3ce22c65f674e641b79393459377227e73a43b

Download Submit