85272d90339b44a035c33e827205874f5c537ac1c03d4606c4aff9bdb4ffaaf7

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2024, 09:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2960e70cf5c6cc7f44442c86d5c8df11_JaffaCakes118.html
Size

15KB
MD5

2960e70cf5c6cc7f44442c86d5c8df11
SHA1

d4c40cdfbcaa6daf920bd316b1ac4ffe333256a2
SHA256

85272d90339b44a035c33e827205874f5c537ac1c03d4606c4aff9bdb4ffaaf7
SHA512

6717cf93b6b0385bd973c359b665b48e312e1b8c2bad14fd98510eee41d5b7ac63944c2cb7ea0e3035da93406c3f40aa1097f9b12af742b7a0416d99cf201acb
SSDEEP

192:SIjkLfnxx08KWcWmbvycGJ77QaXRHsvbbe/BnrLN4hOsBNkwqY:SIAI89JCPQnqBGo

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2240	msedge.exe
2240	msedge.exe
3496	msedge.exe
3496	msedge.exe
4452	identity_helper.exe
4452	identity_helper.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe
3124	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 3396	3496	msedge.exe	83
PID 3496 wrote to memory of 3396	3496	msedge.exe	83
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 1164	3496	msedge.exe	84
PID 3496 wrote to memory of 2240	3496	msedge.exe	85
PID 3496 wrote to memory of 2240	3496	msedge.exe	85
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86
PID 3496 wrote to memory of 1588	3496	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2960e70cf5c6cc7f44442c86d5c8df11_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffda88e46f8,0x7ffda88e4708,0x7ffda88e4718
  2⤵
  PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
  2⤵
  PID:624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,15368864404329755897,10109121655806847764,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2576

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
182B

MD5
21288b4d9c0c0113b527ea64b5388e34

SHA1
634686f9842986ab0a3419eda6aa8f70f9c388cc

SHA256
4c7d2bb7f631e4d60278030e90bba17d19e024ba27d9b3e980587f3525561788

SHA512
45cb5e6cac3cff3a39b3e7f14c3b7eca0003c69218d69a8426e7cb843ac87dcfcf5e8e2149da337265a8ad2aa9d899956686a7dc569875dfe33efbbc3ee50d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b04c580414684e338450209c1e168309

SHA1
4ca3afba0ed291f050b02043f4a334847aa756af

SHA256
9bb9eaac530645483b5b4476e15a3589c5361c6dfbe9447b179a263b70a8740a

SHA512
c74e74e93a4277bc15151c4c54f116437cf9f23fcfab4992fb2aa26b5be9fbfe05d086cb90a14c34253e194b176bd23e1fb48179974bc79ee345ce6228354209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
065a72bf538df73ed4e356dc4ffa6df1

SHA1
e9375761b3d787076f44e11679c3aba50e57b2ac

SHA256
2bf46a20b6f76ae3b898fb8063a0e2fcfee34bcf80054cafaa0fea6cd1187140

SHA512
6d2a1931b0af095e55f9a79c0ef82ea5991073d4b402af42f06e90afe19c612b81743fa159d07855305142314a1a9df94e7bf22ff3f71881ad0543518511288a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52e3373dca340c949a18d904b69db609

SHA1
cc5cd8dafff43a756666b46b847f19d453358b34

SHA256
9f481ff4c27bd732fab96df8fabab0d9c28737bf5f02f6790a445e9655f49fe4

SHA512
033de05598de6251bca2c94b2b11795df29ebde841a52205283cd173f3a6573d2b73bbc5cd6f48c3dc241a9995ce40aa0c819f5829ba9e588983e10f5f9db23a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
653410cc50a10af48ed48dc508a338e7

SHA1
f03055c93812cb235636b4230c8d8d0693267413

SHA256
899a10e4375f8938f21be448078e701447ebf1253377fee5d1455527ec06e177

SHA512
61d93254ca7e79358828f7217b6f7451dfcf459472e704fcaa6c0a6b4de1e06550975d02ecb945fc1151d075a1068d7ba5ac2c9c339fc9b3392505ae0a7962e1

Download Submit