971e06ea8e402544b745f31e1bccf8dc58f63283d91801678297d537f3503101

Analysis

max time kernel
135s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 09:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

244142b9464469146b79dba9f9a8d631_JaffaCakes118.html
Size

3KB
MD5

244142b9464469146b79dba9f9a8d631
SHA1

8270b2cc31dcc2c3b7992ce447b75b4fa2273795
SHA256

971e06ea8e402544b745f31e1bccf8dc58f63283d91801678297d537f3503101
SHA512

c4129e6866d0bf5c9e87b06765a79dfbda0ea983adcaa30cfcb6629539bce749c62e39a4396fe5984e2a2b074b3fb27bb7de46ba0159efb1bb6a87c71b095974

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4420	msedge.exe
4420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3540	identity_helper.exe
3540	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe
3420	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3420 wrote to memory of 2092	3420	msedge.exe	84
PID 3420 wrote to memory of 2092	3420	msedge.exe	84
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4480	3420	msedge.exe	85
PID 3420 wrote to memory of 4420	3420	msedge.exe	86
PID 3420 wrote to memory of 4420	3420	msedge.exe	86
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87
PID 3420 wrote to memory of 4388	3420	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\244142b9464469146b79dba9f9a8d631_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd919f46f8,0x7ffd919f4708,0x7ffd919f4718
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2600 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5548 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,4084858956352530032,3575378766304771217,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3924 /prefetch:1
  2⤵
  PID:636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3932

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4e96ed67859d0bafd47d805a71041f49

SHA1
7806c54ae29a6c8d01dcbc78e5525ddde321b16b

SHA256
bd13ddab4dc4bbf01ed50341953c9638f6d71faf92bc79fbfe93687432c2292d

SHA512
432201c3119779d91d13da55a26d4ff4ce4a9529e00b44ec1738029f92610d4e6e25c05694adf949c3e9c70fbbbbea723f63c29287906729f5e88a046a2edcb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cbd0e9a14155b7f5d4f542d09a83153

SHA1
27a442a921921d69743a8e4b76ff0b66016c4b76

SHA256
243d05d6af19bfe3e06b1f7507342ead88f9d87b84e239ad1d144e9e454b548c

SHA512
17e5217d5bf67571afb0e7ef30ac21c11ea6553f89457548d96ee4461011f641a7872a37257239fa5f25702f027afb85d5bd9faf2f2f183992b8879407e56a0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7d1fb333b561156c84cdc79b5c396841

SHA1
80205d9e09b73fb2e997621350c2cd8e75c6c72f

SHA256
e64b59322f45b0912c349c90ed5a2ae8c5dcbfe4318bfd49c9dec16cd7d1ff46

SHA512
c15234df8325d6d03f93c3af3f8b0e739f2e08c1d073cb4e92ff15fc59dc3acce4097b2c133df88903e16f2cbaae7153d855e47c61d00b3052bfd95043e12fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
16e81634c717cb5947ed9aa070ddc2b7

SHA1
022d7f21c91255339bc19c6da4bf31ab2ba0dab8

SHA256
6f1a26fc5ffafc2290377b138faf803ebe1c9456aaba65232d89509fd750a29e

SHA512
558affbcfc751a0b49af4aa9327b2cc8d1b51b1a9f1fe0591a70a1c7d29e5c8ed323d4db9bf804dcd4d2cc01eef27f0e4ec26cbdf7eb770ef11d98be213a924d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b572a8ca19731aeb4885d566aa31de13

SHA1
0935729f85dff761f3357e53f177e466fe21a7cd

SHA256
60b2bec4708a50fd6954f43c5f64453e521656b04ea5a08ad467f213f43f14c7

SHA512
7c14eea06c7d5dbfad0e5c7b17fa2b5a4d42ade35d42a9db0999a3c50359cf2798148c0fd9436b9b1ba3327dd620b87bde5cb7a75f7cd5bba9535926f0a51aa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
9fee303f677ac46fbf42cc5899b73482

SHA1
91510816979b8c3dd9b351988321c26de96a6d73

SHA256
0ef2fd6e21044f5799c7f474801b4f10668cb2d6e97a87980fb391ae8588133d

SHA512
86f346fb0db8878327342da8b6c4f7c057e0be6bc98a4a30b10d1ab3db55b7f314601222c97796c63d971cdb14b58ad0a44cfc47401bee8db98660af987d3705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3debe6e669ed44bd91e6d45893fe3a53

SHA1
4dbfe87ad15415e5726a79eda318e931eea6a61a

SHA256
266c9794ed900cb9942cf0160da57cedd7b18723f056b311766380752c9d4b11

SHA512
65984115ddf98c3abac0b4a52acd5a77bf89bc5f24cb59ec12933cbd9cac010bc9af70b76f37d58e8513f62f11171fec433d5a87c713ab402b1cd0a4890bcf4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b7e75081a4c42b00f3826cf70b219598

SHA1
7460c46bebee5aeaaaefe391414908a814bd01e9

SHA256
b3ef2590ff2983a44fb183be68c3e98021fc88aa3ef5e2c749165d24cf8cc7f4

SHA512
fecd70c658dc26355ca5d349f41760508379957a643f8cfc07face9a3dbcdba3b4a01ed712d11b887394e02dcd0cb76ec059b22473f51882f0cdb5abbfca4f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8489789be509e0a1c041fe6ddb4204d4

SHA1
bb815458c88df23ce4d1ad44481a25c536dba7cb

SHA256
4828450967336c2e1eefe0a606ca61302ac0cc26a834fb52c1e7ce2a7bed1412

SHA512
a7c4464b8ec898e0a507eb1aab9ffdd2ab316c85ad4994e4e81ba2ad0d275a7d392fbeb80e607d60cff8ca19bf6247068f49ed9ba85a6071ea41ec2960278c30

Download Submit