0d754f9c8313e0bbf42e46e6f75a8f33b6db931ff092db8a888eb61a4e648b24

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 08:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24114403021ec4b89faf1f439e1c88ef_JaffaCakes118.html
Size

78KB
MD5

24114403021ec4b89faf1f439e1c88ef
SHA1

3d67998c8fdcac595109b78271d636fdf1b265bc
SHA256

0d754f9c8313e0bbf42e46e6f75a8f33b6db931ff092db8a888eb61a4e648b24
SHA512

f00c6b9070fe9d90796d2ff158679456c905a551dfa24373288ec82a20a90be5d593b1d2abe3e4f52d312d61808d7ca99e1cd849b9a31cb0aba93a2ff3a569af
SSDEEP

1536:o+ycJIhBEj8qzfK9tdy+M83cmYfK9tQZOIOII:m18fK9S/VfK9uA

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4816	msedge.exe
4816	msedge.exe
2672	msedge.exe
2672	msedge.exe
4560	identity_helper.exe
4560	identity_helper.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe
4512	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe
2672	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 264	2672	msedge.exe	84
PID 2672 wrote to memory of 264	2672	msedge.exe	84
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 1336	2672	msedge.exe	85
PID 2672 wrote to memory of 4816	2672	msedge.exe	86
PID 2672 wrote to memory of 4816	2672	msedge.exe	86
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87
PID 2672 wrote to memory of 2008	2672	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\24114403021ec4b89faf1f439e1c88ef_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffd29046f8,0x7fffd2904708,0x7fffd2904718
  2⤵
  PID:264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2860 /prefetch:8
  2⤵
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:1724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5264 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:1052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7194651085102987722,13050955788617998257,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4812 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1280

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dbac49e66219979194c79f1cf1cb3dd1

SHA1
4ef87804a04d51ae1fac358f92382548b27f62f2

SHA256
f24ed6c5bf4b734a9af4d64e14a80a160bea569f50849f70bf7b7277c4f48562

SHA512
bb314d61f53cf7774f6dfb6b772c72f5daf386bc3d27d2bb7a14c65848ee86e6c48e9c5696693ded31846b69b9372a530175df48494e3d61a228e49d43401ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9e55f5864d6e2afd2fd84e25a3bc228

SHA1
a5efcff9e3df6252c7fe8535d505235f82aab276

SHA256
0f4df3120e4620555916be8e51c29be8d600d68ae5244efad6a0268aabc8c452

SHA512
12f45fa73a6de6dfe17acc8b52b60f2d79008da130730b74cc138c1dcd73ccc99487165e3c8c90dc247359fde272f1ec6b3cf2c5fcb04e5093936144d0558b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
548B

MD5
fa1abf25b2a4048b401c73f5d1956763

SHA1
080556317650a9decf52a5e3f886ab38a97562fd

SHA256
6c1e20eed4ae28355dc8c3ea86e9e8541b93e87e99b017716f7e6ec0addc5646

SHA512
2123a9c29e3bf6826d53952f84b046c80ab5f38ec6a5cab7d1d801a405592757c1c5478fdb273cfdd46e90925ce41e5ca834e25968210fa08f64806739fd83c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
548B

MD5
2c3a29779413159adc0eac7bc2832e99

SHA1
c0455c0fb27437e6dcbc0d841ddbdf325cb5503b

SHA256
9f627997dff32b4b70a0ec9b9ab7c5d35ef6a519d436ae872d42f2054801773b

SHA512
01ead7ea9eac37c91f6aef89e4018f480decf18147026eea8d2e7bda588d0ddf5beb1e85b043215dc8a39a9866d6b3ab3f1eb49db71efc659097e8a7a6b07695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
51ce4d274f4c884c0550d261cf37786a

SHA1
b862023b97c686a4691e4feb58b0b6301b3cad9b

SHA256
be0481af931750cc851184f3952cc6198f126c4cf17a1cdb3fb4492639afda6f

SHA512
ab651569670a0277a63b86b3d0c41a7765e4ebb5ad1fdcc474924ceaf127a1ae78b6e959bb0464ce86fdcb9ca570f969b4dd4459e2d16070b4843871003556dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
346feb7466e958ca7d2912a148e1f976

SHA1
a59b0b2885c114bebc197ac609546fc776594468

SHA256
e3019e2e9e0118f474b2a5ecb2c61ce50b8376d8d02b30ae2b19b1dc9f4a7ac6

SHA512
2d65774ea615389600b65c0cbb99393979e0861b4ea2f4cee528200748ba7623b3fb58f261c487c8e1b9f2a69f5c79c63e22539728f54ee36c638e05dca56279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f400d59d0dcb3b0a1c05f65376a0fc8d

SHA1
5b1ebf0ceccf0a7a2ff341de79ddc4473ba0f918

SHA256
89cec309ecbb169779a9ecd7e004d21c6762b3e454203b28bf782d25c32520c4

SHA512
5c54a5bb82e3dfc6e6ea1da0104e39e8c1a9bcfffd4b3e7bb85a513da8cfb12579cb9f54049fa4e9815d4a61c1e9a5d92e7ed415fdb1c598b14d54a36edbafba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04bd5a1dafa3a15e9bdc6cf71e38e8bb

SHA1
8feac790aad3f9d7a29adb2837f785db10562bf0

SHA256
97aa00a7ddd5de14da2c6f07c76a8ba8ca796320a3da681992028344d47a5bf1

SHA512
b97230662294e6cd8a8ca14340bd91fe320310c32447cd712c729a95893ec11ae27cdf69b4b0cac53468d5dbd6dc8d7be73f18c64f5dcd0e67736742545c894e

Download Submit