26ea35931569a1e4fee20b193308e07208a64f83e2da75a46be6f807f62875cc

Analysis

max time kernel
145s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08/05/2024, 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26b15a91ee4371bb5d72b6a37daf865f_JaffaCakes118.html
Size

94KB
MD5

26b15a91ee4371bb5d72b6a37daf865f
SHA1

807b486db3c04a05581aa79d14f3abd1b52d3d0d
SHA256

26ea35931569a1e4fee20b193308e07208a64f83e2da75a46be6f807f62875cc
SHA512

0cc3d9b0339ea63e11cc5f2c3c09bfb80f87e6cb0bd70e2505fb17b7fdb692b7ef23c3e64edc9e85070d3989347ad5352c3cd6236ee35ebfb6a6a4e1e929afe9
SSDEEP

1536:WMLiNV7LUjQGkCZYFLoA4fBU3RfpNaXXZbjr/yWBdkrY8mgHC+qpEyW:WAi1ifBdkrY8mgHC+qpEyW

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
612	msedge.exe
612	msedge.exe
3980	identity_helper.exe
3980	identity_helper.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe
736	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe
612	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 612 wrote to memory of 4532	612	msedge.exe	80
PID 612 wrote to memory of 4532	612	msedge.exe	80
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 3788	612	msedge.exe	82
PID 612 wrote to memory of 2584	612	msedge.exe	83
PID 612 wrote to memory of 2584	612	msedge.exe	83
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84
PID 612 wrote to memory of 632	612	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\26b15a91ee4371bb5d72b6a37daf865f_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97dc546f8,0x7ff97dc54708,0x7ff97dc54718
  2⤵
  PID:4532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:1832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,18067269039193128659,18065217100622312445,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3028 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3224

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
efb3e41ddcb00d4e436d59962fe73c4d

SHA1
4b9f2cbd664cf2136cd6966774f9ee04b4efa46a

SHA256
edc776d59064e412098066a07cba55cbabb1e7d18534e1292d34003961ad3bb6

SHA512
85a53139125a0e589b222ebee00d1c593eb24c8059b9f3f86196f8ef346cf7fc988493bb6f5cebf7aec2d0debc5017eff291b04e8aa37180d1ec5a6e2bb362ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6395f6e0bff7f51868b7165ae09e164d

SHA1
4d81e2ef78f432ec82040dadf3a622e46b99b6f0

SHA256
9ff599bd553399e7607eab6a723c8dc064ca0ba0af11c1bf7c7004026c4b11d5

SHA512
0745657a71a1238aee27abca76b7852aad5dbef69f33e96d1c05afe45a0f34cf2813bf1ca2a030d1d0e78f4225ad2d528cd9c82a9fbeca43f2bb903279dbbb99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a82c4ceee6786a7d72c8e865ad72aad1

SHA1
a239f741aaa7b9ac131c7bb158010b799c427b33

SHA256
951bb6f2dcb96da111a9c0f030b9378c295125256cf5c91a02183b9e6358aff2

SHA512
13348813427983db54875a1d93fbd92a069004ed0f97b2dd39c5e14ba6fc57b53dcf7dc3a6f157ece8a25b530c5b27d1859dcfe866f652befc2154e70de6b8c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f39651e0d2c12028da04f941687c62ca

SHA1
0012ade475ec94221e2452b665474c2764c5bbbf

SHA256
93a18e55c0eac00fe29b54766be7be64e24441d1dc1602b7d61b1e28e9034de5

SHA512
e4963e7fa2bf84ffb30ffc50a1a9cb718b080c53487d9203e49eee488983ca4e3a15017433b9d61424a4b60a51c3885cbca3902b49bf57cba5bcf31ca508d55b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f344dea193cf9eff0a3ee257f257194e

SHA1
3b84608461bb2233c703f943bc79c1e323dfd211

SHA256
4cd51c7f93d20b9fec8bf3850dfd5d86667342c07e817cd0cd61d5ddd6f0bef9

SHA512
beae96ae7af403ca3813512681b870fa7c43f0595d2e37f0100e4954a71d49a053fffe00d78cbd5b8edc3a5f4abc98697dac45f9ed3ef30c93814b0d88173c22

Download Submit