93b587b5ddea95736231de90e7515d3e74c40938648773661ea0c5684e38a4e0

Analysis

max time kernel
141s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 12:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2083247676f0a3a5f4b10ac8be97014e_JaffaCakes118.html
Size

44KB
MD5

2083247676f0a3a5f4b10ac8be97014e
SHA1

7fb51739fe1d8d9a205053b2e583df84fb4e0e69
SHA256

93b587b5ddea95736231de90e7515d3e74c40938648773661ea0c5684e38a4e0
SHA512

5ff6d16c595e73eb355a25419f7d0ac9de07eb5fb87fcb0753fc7b108ee5e5ee33465a70ef2d5cbd61904f58a382fdda680acb2de1cff7a7429eed455d8acb9b
SSDEEP

768:PDBd6pyeZFEJZKWNQLXlVAFsyfjfOfSKk73Uk4Fi+rt4qaO:PDD64eZF2ZKWNQLXlVAFsybmKKk73UkC

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1012	msedge.exe
1012	msedge.exe
4152	msedge.exe
4152	msedge.exe
4380	identity_helper.exe
4380	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe
4152	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 1268	4152	msedge.exe	84
PID 4152 wrote to memory of 1268	4152	msedge.exe	84
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 552	4152	msedge.exe	85
PID 4152 wrote to memory of 1012	4152	msedge.exe	86
PID 4152 wrote to memory of 1012	4152	msedge.exe	86
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87
PID 4152 wrote to memory of 2608	4152	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2083247676f0a3a5f4b10ac8be97014e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f8ab46f8,0x7ff8f8ab4708,0x7ff8f8ab4718
  2⤵
  PID:1268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1932 /prefetch:8
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:3416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5472 /prefetch:1
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,15055170752836804940,3264400976824291731,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5388 /prefetch:2
  2⤵
  PID:3896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b2290ca03b4ca5fe52d82550c7e7d69

SHA1
20583a7851a906444204ce8ba4fa51153e6cd494

SHA256
f9ff4871fc5317299de907489d466e630be63d698c8f7cb77cc81faddbecc6d2

SHA512
704ec8122cc1c263dff67ddbb5c20ee0db8a438674d716bc3be5b266ee5629a219b0049d721f9eb2dd8f2d8fda0163659eaa4d3e1f0a6e9072a8ffb92bb2b25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
919c29d42fb6034fee2f5de14d573c63

SHA1
24a2e1042347b3853344157239bde3ed699047a8

SHA256
17cd6de97a0c020cb4935739cfef4ec4e074e8d127ac4c531b6dc496580c8141

SHA512
bb7eadd087bbcec8b1b8a49b102b454333f2f9708d36b6ffc3c82fdc52e46873398d967238c3bfe9ac6caef45b017a5fe3938ebf5f3053e4ef9be7b2752b563d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
462B

MD5
4ba1c445a85fee8976639e3b357cd447

SHA1
bc9fb86b9820376e56f584b3662a5403b4559108

SHA256
a0ffd9a48f7a4414886ffc6b4b778704a9a4e3e7f1f3fec27dd18b63e23e4d34

SHA512
673e0a34cf6b2cae34a5400bdf05af5c04c1f69e5925dfe04b5fa8f0dc0b6691987c23d66342a8a5827271aa387fdadb614b52af7801dbbccd9b60175e52eb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9b416ac0c3c50678fb7d704c3878bc6

SHA1
416312159608a1a164826b895357ac92112be7fe

SHA256
cc5b2c28e63a010091aa4d583903b27aaf3ec1bd27fd9a611a8cb9b7e3207eeb

SHA512
387f6f6fffb314a941c32e83598e11097398698d5030aee2db4f9dd648b2d8fa9074543049cfdea08f13789198f1f03620d11c7def62042d112567b4dcf67db9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5e2e9bbc8c0b9ae14f665ea20a8ab83f

SHA1
caa1fca520bcbc34f4a5c0766ea3d7cb7b591a1b

SHA256
c98a6ee3ac4fd849345d5c8ecf0621cd396700b7ed5d5916ff047e942cf107a3

SHA512
aee0e84f04b74c2da9cea23bc3c30d57df54fc475513f3e172b3554db63d7df2b39eb109a8be47fcd445391693b90346e8584749fd22bce2deacdb4756adb279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a4c1cf45dd22c55a57f7255ef66a745b

SHA1
535ac4ae2e8349082c58a4389eb70292e1e1580e

SHA256
d431b044ef7f775eaffc8f2aafae0d9a0a07f6f9b6d9ae88d8d5d83819a7f27c

SHA512
49b261c4be1503586ccaa7ff50a33fbd214805c867d13b8dc0461be5498be825869aaeb4e424cd2e9fbdbc840b4595e98428c33a2573159390215af7ceda74b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6b8b795cdeac8cfe29f14e86295de99f

SHA1
3b1fe0c96f07a90e13061e00deb5cc79bffbc744

SHA256
73d77bd8c891cc77d607969f5be105f42a5f1ecb353ac5877253012a677cb42b

SHA512
7fa75c3358fae02e4fd5ad23e96199f414e88c1577d0e6b38db4d74d76ebc30a78582489a0c8ac1a9e314ef605d5adb3f404643c4fb669bf015d49692a1fec2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c71c3e2e26321ca02ee9ab11f58e4954

SHA1
437d35dfdbfbb452e3272842dcc4c60223eb9778

SHA256
153c9980770a299c3d2e963260023377e43b7bf3dbf61b2c285d69870436b409

SHA512
ab11ac48545a29d1d6f2390305dbbf4d80d1241c5be6cbdf5f725e3fd20ff29a2d34f97c5c28387bc1387288363e0eecd331af4aa8ca59bcdee0d01fa827f2b1

Download Submit