56c9545ddc6682972274f339fd6dc30d902a1cfced85ae7cf07115371663b683

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
07/05/2024, 17:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

212eba15c24a4cf3276782db950a3e83_JaffaCakes118.html
Size

17KB
MD5

212eba15c24a4cf3276782db950a3e83
SHA1

6a56531e0c86e25d79fc5429d6f4e716b70462d0
SHA256

56c9545ddc6682972274f339fd6dc30d902a1cfced85ae7cf07115371663b683
SHA512

0cf75389df36b312492516af2daef219206edde8ed6f1b233dfc586347034e6f3871cbbb4458c22351f79848a108b3754a9d3a730942216fc2717f116a986f53
SSDEEP

192:SIuxx08KWcWmbvycGJ/b1BUUUTA6zh9SbCM1zS0/LBGwrLN4hfzsEds/YhNjOfsH:SIP89JhBU5ZhiqSGw8BGo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3560	msedge.exe
3560	msedge.exe
3276	msedge.exe
3276	msedge.exe
3824	identity_helper.exe
3824	identity_helper.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe
4252	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 5112	3276	msedge.exe	83
PID 3276 wrote to memory of 5112	3276	msedge.exe	83
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 4920	3276	msedge.exe	84
PID 3276 wrote to memory of 3560	3276	msedge.exe	85
PID 3276 wrote to memory of 3560	3276	msedge.exe	85
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86
PID 3276 wrote to memory of 4960	3276	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\212eba15c24a4cf3276782db950a3e83_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdf95b46f8,0x7ffdf95b4708,0x7ffdf95b4718
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2348 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
  2⤵
  PID:2828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,9614672583405401105,16813256132549273060,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5068 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
21288b4d9c0c0113b527ea64b5388e34

SHA1
634686f9842986ab0a3419eda6aa8f70f9c388cc

SHA256
4c7d2bb7f631e4d60278030e90bba17d19e024ba27d9b3e980587f3525561788

SHA512
45cb5e6cac3cff3a39b3e7f14c3b7eca0003c69218d69a8426e7cb843ac87dcfcf5e8e2149da337265a8ad2aa9d899956686a7dc569875dfe33efbbc3ee50d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8d643566df5855d67b19ee1bf8af19f

SHA1
e14aa9ecffa2e790109f683ec0dfbc34448c95fe

SHA256
3e90e32f406376a4bfac7b1d2442378c3de301ce553e25e84d7697cbf7ce5c04

SHA512
f7bcb1ad89a40dc6dc5852fa9111f565b99bc7613f65d3e3d21d9fdfa4a96f05303c00a649a5802ca4f8230f772319efcc2f47d927b7dc3c8c67cd4ab5d06bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3e10f5bdd2621e6366f6146f946a4b62

SHA1
c784650ae74c634deac73ee86e31c61ae714b0aa

SHA256
0b0d8daf7f9930379d20f53d0ed2ba983e5f37b71c87fc579250ea69bc34f34a

SHA512
1110a99b556b869f4fa2a599c4217d7f1a5527766a253254f77f4a1dede25a8143619b0f74d7a3d571e10e8d6fc7b777974442254671b025a8f73e3ee6b25e64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07a5b2b4cd948fb6c1914a1aa8de65e0

SHA1
762f948942851c37ca51461cba1c4b9779772c89

SHA256
601842e3751b52135b67524e310e7a8155f65306649196c6108ca8f5037f0d56

SHA512
1b793cc4f43a4563ffb76594ed258168c53a82266cf5def5a46ba6bbd2bd86696c08d5429ac05f79fe4387b21a4ea8049737c614aae774332d360a0c5c2d0c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c73174c7bbdf21d621d216dc1ce43058

SHA1
20419dd0217b1d36f3c8950ea92114df05445dfe

SHA256
34e3b1b9b916dee4b2f82c284bebf56ec103a4afed880d06e464b912b779a3ae

SHA512
6649515785138d71717af8135ceaf51cfc438bcbe28c7ac4d1b6314e253b2dfb6ee6727064b99d6ee539bc84d8b1ad97aff25b0a545e1a6e0c4295b315f9ab94

Download Submit