5f27a192ca7095a4b6739da13f9fabfa77c66184be0beaaae17c67d076ec7f10

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 08:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2920168276ba303ac74e2aaaa0c0610b_JaffaCakes118.html
Size

4KB
MD5

2920168276ba303ac74e2aaaa0c0610b
SHA1

4c0ed7971560452c8f293da20ce1a231bf288221
SHA256

5f27a192ca7095a4b6739da13f9fabfa77c66184be0beaaae17c67d076ec7f10
SHA512

77ffb08a1d2f1f87a78a698a9d16cf2576e35df090327878369bdff4e047eaef7da8c6d86117bff49d833f71c186c67deb1ff81baa1270efd49e637340585754
SSDEEP

96:Pk7yJozTGknaEFHVKDZTBJl7sNjtXATIQFMA5e3fhrvDJUgwa71D5iJ8oGGBd:Pk7yY1aEFHVKtF37sNjtXATIQFM93pDo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2464	msedge.exe
2464	msedge.exe
5004	msedge.exe
5004	msedge.exe
2376	identity_helper.exe
2376	identity_helper.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe
4952	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5004 wrote to memory of 1456	5004	msedge.exe	82
PID 5004 wrote to memory of 1456	5004	msedge.exe	82
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 3392	5004	msedge.exe	83
PID 5004 wrote to memory of 2464	5004	msedge.exe	84
PID 5004 wrote to memory of 2464	5004	msedge.exe	84
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85
PID 5004 wrote to memory of 2876	5004	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2920168276ba303ac74e2aaaa0c0610b_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff467446f8,0x7fff46744708,0x7fff46744718
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2096 /prefetch:2
  2⤵
  PID:3392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2656 /prefetch:8
  2⤵
  PID:2876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:4252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,13724307404988005622,16891929827289413197,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1876 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4592

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
292B

MD5
bb72e6120adf6625265f9aa8e802dc15

SHA1
137b31e855af8d2a735890a68fe305f91cd61331

SHA256
696595800c55ba6c7e2f42ecafb6288ae1e7084658da8016ff3b19cbe3be1956

SHA512
bf144044c29ce720bd4606e7e43fc27fbe1ac1de3c4f23f7883098a155d6b252e12be17542da3fe04885d9cc25e88b01bff69f6fdd277ac079c39545ec35c1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b35646e294c631480a296c20636c1a00

SHA1
e1f2900355d25999e24e462194118ccc42e896be

SHA256
1985eabc9e3f7f4274dae08b72e0a5eb2220d983835d0b2ac4bf85688ff79c69

SHA512
a16cf67b369d72ac657cf648da399432e162b7012136f98d873cfd003eb131c23c3173fd49e633803ab854309cdaadc9e5c401cac8742fac8564758047d50dce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
58cc668c78072d7d6da5af951e16c100

SHA1
09c7d66c411d3b93bc57cad6d431a07707ce609f

SHA256
0a0a63c27964c214b37a04fc0e564a5bf475b25935c4a4cc609026c6c7fd35c5

SHA512
0bee97f57acc861b0733b779ac78af16da58b6fa2aca4dd09638148ad989731e20a2188be8d3587fd1970c1d20b098b395979a4c91552f3c312404c59e48ae2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
13cf7875045cbbcd758d703681249fda

SHA1
18ded18e89a194537124c85604c4f9c8287508b8

SHA256
87a6e36e2fc94ca95eefd7cf38abaf997d0c09eff10add349886800bc365c280

SHA512
0b1a35a578f5afa212d9a30f10c9f0412cc56cf8b6b4feb2994e72f1ed806cb7e93574269875de09d2fba3d9b3d026f89fbf99ad8986c12bf1d0882f1280ffa6

Download Submit