786b6fc51a3e44ad672827793beed2c23d16149344c442c148adc32efc3e76ea

Analysis

max time kernel
145s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 03:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

27fb9c4e9390f334ad7a2eb11fbe7a48_JaffaCakes118.html
Size

4KB
MD5

27fb9c4e9390f334ad7a2eb11fbe7a48
SHA1

402b571c6d6680ef014003f9d8e935fe4bcb9a9e
SHA256

786b6fc51a3e44ad672827793beed2c23d16149344c442c148adc32efc3e76ea
SHA512

7b9e6b64c269595f2b389e4c152d0d646da93fec96a5adefc1542084f8ed854df0d6ad9de5835e19ec85666ebd59941a3e7652d9997b54639bbaf9e3c499b1c9
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oOF5rKXF:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDI

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3468	msedge.exe
3468	msedge.exe
3352	msedge.exe
3352	msedge.exe
5060	identity_helper.exe
5060	identity_helper.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe
4476	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe
3352	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3352 wrote to memory of 2220	3352	msedge.exe	80
PID 3352 wrote to memory of 2220	3352	msedge.exe	80
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 4384	3352	msedge.exe	82
PID 3352 wrote to memory of 3468	3352	msedge.exe	83
PID 3352 wrote to memory of 3468	3352	msedge.exe	83
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84
PID 3352 wrote to memory of 3972	3352	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\27fb9c4e9390f334ad7a2eb11fbe7a48_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97dc546f8,0x7ff97dc54708,0x7ff97dc54718
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4792 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,6660043445597677628,15482218414539384501,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3736 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
8e0cab667ff24d5bbddf5504e6ffb63d

SHA1
6a126cf1da0f0d36f61d1ba83a4ae2188551f2ba

SHA256
0554fac4f8770c2f544a6b7d0a5c0db4b0e423dd5c8efbab46aaccfd668a57b4

SHA512
47b81885a7affc5750c8bd67f8cdf8489b05b484e377914b9706f5c48947c9043cace769b25e38943d49bbf96e5c9b37494b8102db4dac3d3448a1efe2038e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4cc86fbc5c9c66b5281f25bbccb2de59

SHA1
e3cdfc5b723e1b66e65dc47326b97887ec8f901f

SHA256
3dc112804890a4a3ca2794d478d48dbcf3560fb33633313bae0084f26b35da06

SHA512
32212e54b5466ebc7c3f2f5cbe180f87e52cad68a477f106051fded3ab86c4c3bedb3ebde2177fb6ac2befc417e18c4572e967ea77e20c388b04964c54843f4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
41ce46eba8b941fddc604ad04c8b80bf

SHA1
37558a10975421354dad05a2d659f364e1ed46f8

SHA256
0b3775cf4d69ac3008b6bbdfc411e1993fe24fc8a24eb8e63180180e32d313a0

SHA512
9920a94feedbddc521b0f988dbfec00710749a27da6b1a2cd0046188ed53de0969e66e39f528294f0f95f8265f17594e0c77b870b7b1d8e37fc649cb628c4f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d71b0dd195e0e84def421de2e76528b1

SHA1
6935574d8046b648b1d3ec97929eedc37fca2e22

SHA256
da2d348db3eb2915a8915f79e429dd82b52ceff997081cf608c1f0fbf80d4c05

SHA512
cfb832f4bd85380b441b2eb1e7d71bd26f37eb9c289190e793c89a765fa33e5169003860db611e2bdfdb7abed8b956945a7ff841abceeda0672781bd6a7ecf5a

Download Submit