f49012c0e84e257763ae7c398cf5c6a6291979dc4edfee7ef0d4eda2cd361c7c

Analysis

max time kernel
145s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08-05-2024 06:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2389db9c7e72010281b696ac107ce6f6_JaffaCakes118.html
Size

34KB
MD5

2389db9c7e72010281b696ac107ce6f6
SHA1

1531dafb37cedc10810e54dfb409cc5aec948ed4
SHA256

f49012c0e84e257763ae7c398cf5c6a6291979dc4edfee7ef0d4eda2cd361c7c
SHA512

59341a1a7c97dfe17a5e54df2e5067365f4c2fefe115223ff0daf3211280709a873d2787ad907e90fb77dd5063219ddeb18db403d8b0eb8e43d7cf8863c15d98
SSDEEP

384:19UlqUdIt3yp1LlIuNnOaBbHDE9itAs0r8pM:12kiIt3yvCuNOaBbjE9kY

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
2160	msedge.exe
2160	msedge.exe
2084	identity_helper.exe
2084	identity_helper.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe
5736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe
2160	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2904	2160	msedge.exe	84
PID 2160 wrote to memory of 2904	2160	msedge.exe	84
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4780	2160	msedge.exe	85
PID 2160 wrote to memory of 4856	2160	msedge.exe	86
PID 2160 wrote to memory of 4856	2160	msedge.exe	86
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87
PID 2160 wrote to memory of 3036	2160	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2389db9c7e72010281b696ac107ce6f6_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe4e9246f8,0x7ffe4e924708,0x7ffe4e924718
  2⤵
  PID:2904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:3036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:876
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:3524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,12869041842756259976,15998306913152711349,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4228 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a9c820369fa4c546ce83c292463eb1dc

SHA1
25b5d4195f8bd8d0b2877a8780dbd724e7481381

SHA256
1aaa1878862a9f4df05210b3c4c27e04afb2e3ad885d38f741f4a79a0ded00cb

SHA512
e0bb95998dcbc4afd9becc58133e89f020ebbdd673ee087da6915020507e1b499e7c7a3e1a6ebd3fbd662fcdd3c2eff8d27b908a4159ae3607e06b2f5f7dc6db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3aa966124a79dcfa6409993043e56111

SHA1
66fe255de9c992d8e117791286b78526c7cb67b0

SHA256
de2ffd49200907440538ae634caac3844e133cb1794f8fe24a4c24265f826e33

SHA512
5f5be0c2620016c04a80000a6e1da4a09feb1ec261d1a224bedb227d3b11cdc47187951567f6937fd18293bd33ac9c819a3b1eda03534da9fb486b7ff1cae9c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54fda0a021e87a04c51e01131e7d66f2

SHA1
0347eb793f9930dcd37478a850333a29fdbf37d8

SHA256
7953332780b88c7ac71c402141e3be9a759e841d072d54c6b7f0e2e3535903e7

SHA512
1b1c1c0d3321f34ffcdbea7598148cb738ede9f9a7795d6cf277132a31fb56098971551b16236d2e2e413d1becbbc13688af73c52e8764a3d2f4f939385a13b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
630c9a625fe08c99df1ccbad0bfe1419

SHA1
979406e56b824f016808ee811b8e138f9e985eeb

SHA256
73626330665f0d311e3d205a9a548b73ad29c0087d5f0dd9a769f2caa00a7cc1

SHA512
f9afa3ebf57786c78849306d3eea59a5ca97a8d449cd353b0f94985f585d593c78158d21f496589c521615000b3054cd521cf46befd3d7d2d8efd8d18186ea8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b45f61714ea20846105aa05234b5620a

SHA1
a32d0cef03ff3d36a7352a972cdd243f4cf82a0b

SHA256
2a89591c139e435d02db488a2a9f0dfe74c5ac2fb3bf297d045ab22fce4225bf

SHA512
b3d6a85e0c82542ab063bc40b71ba39ded56d05ec0b637b3724de1aa18d8907d28cc6409fc8919a84241a868ce70506ffec38cf19d78a7c3f6d6cf4fdeb40c07

Download Submit