39df983a4359bee20a413c17ba100283d1f52036d004a0a45d209f7b9750aa1a

Analysis

max time kernel
145s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

270f87ef765b202f78c926627433a81e_JaffaCakes118.html
Size

36KB
MD5

270f87ef765b202f78c926627433a81e
SHA1

60a705f593540c15fa5bfa11c305987237378163
SHA256

39df983a4359bee20a413c17ba100283d1f52036d004a0a45d209f7b9750aa1a
SHA512

99b46fbdb483fe5de302efe2d67688484b7bad49bacbe23e4b2b207b3b6f17f7612832ab0470972032117de7c773b623e157202286bd3678c9463fcd6afc2383
SSDEEP

768:zwx/MDTHjr88hARvZPX2E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TUZOD6lrw6lLRcK:Q/XbJxNVru0S9/S8XK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
4924	msedge.exe
4924	msedge.exe
4276	identity_helper.exe
4276	identity_helper.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe
4924	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4772	4924	msedge.exe	80
PID 4924 wrote to memory of 4772	4924	msedge.exe	80
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 412	4924	msedge.exe	82
PID 4924 wrote to memory of 1156	4924	msedge.exe	83
PID 4924 wrote to memory of 1156	4924	msedge.exe	83
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84
PID 4924 wrote to memory of 2732	4924	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\270f87ef765b202f78c926627433a81e_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97dc546f8,0x7ff97dc54708,0x7ff97dc54718
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
  2⤵
  PID:2732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:4120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,2701273039143185923,1704478459885773486,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4924 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
614B

MD5
b3f9154d5ff94ae8b328d7f261b70da4

SHA1
4eb72306ef7a6264982ea9031555ce1d27c0e97a

SHA256
c5adc19fca5bb5a0076b0338b785a8ebcbd9dbf143637fe0c91a4cd3bd506963

SHA512
4d94243f507c73a80cdd0016aa7d29bac1a460e6b069b6e54400ada664403c18c226b0e6f12bfe5a7a64b2127d7c1b7d2b34e87b412f363e629ebebb93138d04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
80cc289966b5f58d543f023637690b70

SHA1
e2f67beb10bcdaa1cd4716c87ad102d234fb2fec

SHA256
7210f472a54b2fde1dd42c771c6d566b64f67d6a3412ea71dd1efda8802afadd

SHA512
ca4dafdbfd00a47b7ddea6ced3ddf9ba44416991273b3ebc188315aba577234022505e0e1b55762c40397808e750dd95c43564830eed1ad4cc781518ee4da3a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d814b3453ed634b9b4306bf2ec9859ba

SHA1
b2b383f1f0d252c1128ae406b01ce88838684fa0

SHA256
f95bd51c609968c7aff06da37274136997fe99c02a41c80881c1a5003a965f79

SHA512
d288a234e894e970451a78cd2e10c7c417de9338f9d8cc94f6b78e637055e1acca6b628cb5168846bf875e1a7e0dd14060cd5eab1b753761e717fb5de74e84a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50bbd1f5d80509dc0fc0cbc1c5ccdc67

SHA1
97fa13cbf06c3dabc373a70433d6025afb40ca24

SHA256
a9634d8b0b91e53f309886bba38077a5ca41876303c6f5ad180a47fd3a7ff220

SHA512
cca2e61f8141dbd98f4b914efb5e4f028b130523b3086906bb39acee9da3d10e2777de0a385acee3d66dc73eadb3bd294d7e9754e2387ae24fbd8a10da2922db

Download Submit