292522bc838aad15986ebe78e8b9336b32ed3d647ff3fc06310dab3f517f28a4

Analysis

max time kernel
150s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f3397042a27185bb72d1aa4081422b4_JaffaCakes118.html
Size

40KB
MD5

1f3397042a27185bb72d1aa4081422b4
SHA1

cce5c2ec521f3899c8c6f6f4a9c9d0af68e5575d
SHA256

292522bc838aad15986ebe78e8b9336b32ed3d647ff3fc06310dab3f517f28a4
SHA512

eb9a61645cc75907ad0b8508fccafc67f9b86edae267f5b00fa7ca8c3ba8be95ecbd0849fb1bfda88db07999d7a6265e1fabe6b9d996e7bec3b0a1e5c9af109d
SSDEEP

384:7dG6vH4/jIB0FlOkEOi1SjXRS2tIhQzm6FLGhguwq517XTBkBY5AZidOu5TCBT9:7oGHIjIajyv7WB1ZidOu5TCBT9

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4600	msedge.exe
4600	msedge.exe
1236	msedge.exe
1236	msedge.exe
920	identity_helper.exe
920	identity_helper.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe
456	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe
1236	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 1676	1236	msedge.exe	85
PID 1236 wrote to memory of 1676	1236	msedge.exe	85
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4376	1236	msedge.exe	86
PID 1236 wrote to memory of 4600	1236	msedge.exe	87
PID 1236 wrote to memory of 4600	1236	msedge.exe	87
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88
PID 1236 wrote to memory of 3640	1236	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\1f3397042a27185bb72d1aa4081422b4_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa597346f8,0x7ffa59734708,0x7ffa59734718
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
  2⤵
  PID:3640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:4704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,11190145417352895203,13292478512492191880,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
385B

MD5
717686f641fd6dbfab6b6098d26efd2c

SHA1
69804cb20c7f567ea75c292890954258c1b97872

SHA256
979c0a9029d294f083dc701c4733ff49ff11b484bb4a4d278fe898ff75127ac9

SHA512
14f033e8052d348377b4e765cfb1841825c606c80b543fe69ce6343adb54c028816f25d9cbaeafb8e05f88c9a918e87bd270c36b709a642f4689e412c8cac933

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ed379c091abfda18dc742b8419bc74ea

SHA1
5e99687c09e37d2b738f4fd987f5598a6bbcd626

SHA256
4e98eaa42f89ec65f581368c7c3c1d3891614d8100f614d59b54cc0377a54c7e

SHA512
5dfe997a67ba43b5b3574a3b6685f91e04ccb9deb8faf01599a76d0d655bfcc2e5f714d47a77265e0c0a81e6d050297590ce3d5971d34fbd4a77c311cd59308d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
94ed4ec38fc69d419fe2c216b7a2a592

SHA1
d1d6f7a8fe1430a3bec813afdfa6f80401fafa8f

SHA256
551398f766ac0d53d1617d94b21959665f4084da8c5192a169a07bd9e436043f

SHA512
f4e16c31e3b755d8064cede8d54b30129d8a51d5f334db7ad364116312f22f755842c83705dce898fe5f2c8feff0aa1565ace6a047270278a813f5684307543c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef89c5b0964ebe5f30aca10397f2e3e6

SHA1
cc6af3d33a6b410f1e9d9f326b574adccc952856

SHA256
de381782e8ad0195cadea196fbc299ddc12868d13f579316a1cbe98b66d6c7de

SHA512
d0a61898aa372614dacdc5dfe22cdf20c75dce181702eda3741ca95a4d1eb244ef1633d69a2c25ed40415f4be5d2258c2fcd390d25c493761aff36794d139cb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
b9b96512ab38e9b8a08399daa64229c0

SHA1
a106eb86a5fe86e6ae4a6112f820c044a6ffa0c4

SHA256
dd8f0cf66b4f825ad9e578f099b82c3f56e861937ef74829fd3dc70cec8bb666

SHA512
1f1eeecf5b9e0bb1fca457c30c8dec67770fb063fcc60529e4a22ea25a1d34ba2efc705f3d556b9d5bc8c0271f7f382bbb16da1c31e9e2c58ccc155f68fa76a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fa1f.TMP

Filesize
203B

MD5
789889ddfe49c0c82a57dc9d2c7869fe

SHA1
d009dc6775cae8b7159ba2f5149febb244a61fa0

SHA256
4d153b1a359f7301a44b4506f89bdba47793a0270d627c080b661b3c6992fe35

SHA512
ee87d0b577b0c9e5dc0c2ac01224e08ca217d1ed3e753de86d888295215305f59bf06950c1d52138bba73474e29a66cc75fda042b6e98c3d42a3aa5aecda1fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
be05087918516cf97d4271aa2c6b59fa

SHA1
3b24db8676fa64d41f945768223aba0d6bf0c133

SHA256
2cb105c0e4889ffe7fbb66675e56b70acfd038c70fb16eba8168ddd940870a51

SHA512
7948ce3f1a4697ff1f8872320fb39c601cc36895b95061e9eccb87927763e3b3ed2b34b31104407bc0dcb3f2dc58bacde416d6d6f136f6370719c5a840eea219

Download Submit