313a50d330935f46afc04a2a3c47e79b01d04b875ab2e5715ec250bf28d11149

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 04:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d5684b75e3c9b62f92c655f3db518ea_JaffaCakes118.html
Size

110KB
MD5

2d5684b75e3c9b62f92c655f3db518ea
SHA1

4caf84d39743f9ead2e3d8e8c1281c6599f89000
SHA256

313a50d330935f46afc04a2a3c47e79b01d04b875ab2e5715ec250bf28d11149
SHA512

1f25db28b88ca6858dd0b1e6cd4501a3f29a0491712ab2b258320aacbf625101d779ffb6a5e397e603b538525eb22d601031031bb1273a8867f61fb8239db834
SSDEEP

3072:XnVN2jaLtqOcTuEPxN3lDji1BlgaSBCDqtd7HiBwSn0bXxEAQJF:V

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2972	msedge.exe
2972	msedge.exe
4976	msedge.exe
4976	msedge.exe
2620	identity_helper.exe
2620	identity_helper.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe
4816	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe
4976	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 1736	4976	msedge.exe	82
PID 4976 wrote to memory of 1736	4976	msedge.exe	82
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 4592	4976	msedge.exe	83
PID 4976 wrote to memory of 2972	4976	msedge.exe	84
PID 4976 wrote to memory of 2972	4976	msedge.exe	84
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85
PID 4976 wrote to memory of 4332	4976	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d5684b75e3c9b62f92c655f3db518ea_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff6dc846f8,0x7fff6dc84708,0x7fff6dc84718
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:4592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 /prefetch:8
  2⤵
  PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3100 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:3164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5459946190244256119,6691802279055102326,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6036 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4816

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
890B

MD5
b321cabd07505fa4b681446b5a11a775

SHA1
a2c7bd1c74a58ce0f1eee42223e4a65d86b1d6d6

SHA256
53262b9fbc73fc5313beaa42082c3a6d003e1a13822a40c221534e27f0a6b16f

SHA512
5733067b8f7f7357c5f4c665309d21335ee461f9e1732f83741b7468cb3781c1601091e8bbfca2f0e98298543194bd3c7d31938a8964dd44f2e081d4b5464ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
04f994d49e7e913ad683c0726a8b95e7

SHA1
8affc9041b0c0022dec06f3c59e1369e52a71d1f

SHA256
cc5aee5f74990180f3bcdb6594597ba540ef0781976e1d3852b911101afa98ac

SHA512
5036dbde8e5f9e02b5ee2bd2958d1184d70b83227d3490b38ba3ad73f3cd9ddd416aefaf5f5979ead929d90af662242386015c287b1e656f1900ab240819302e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6024872d9e2124b1d96be6fb4e7dc36e

SHA1
f1021d4ca703c35f339b663532baca49040d8459

SHA256
27c000f9be9fe2e6a27f04c7ec07c753d9e92c8a39c9b3cf95c1c81c14a85b1e

SHA512
ed4e8f2eac36995550c63954ccb9b81968ce7dfbb04c3ff6c520f1cd94e2e99f0585cd9bf13d56a0787c301c7a35250e447f8bd6c332f6b3a0ead13c0dc9235b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
52b6508df4b6e2279e469750654fe7b7

SHA1
d3126e9388c4e6cbe0bbbe48c221eded013b7fa5

SHA256
c2c64fb006f0c66ce53e7cc2f9df9bd3bf86907725ca0c7870eb2f1d36b17522

SHA512
9b3a0a40014c8ed1ccb3d9e64384e30f456e83c54b381ab3205c8ae0cdb9a514bbcb7b5e2ca17a36ad33d04f5de4bb1f8534b43317f0dd4c358ed557661b26f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
55d1ce6a080af4baa80dcdac69859da8

SHA1
74aedbb83c1fbeea606dfc0c9093b7759f224139

SHA256
ce88d3ddb6e91b08cee7b5baed67c79b0d41e89b927f85b615218096f96a332b

SHA512
8362f2508601bf003b168900f4790391522ea0a3abcd0a24a617b570f38ad9492a1192709c4d26236e9641f65fad6f5e06aad87cf6fd73e775bdfb72d37a7d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88058729c622bb469a000fa1612fff10

SHA1
42ee70916925c1410a4c08db525016272d51203c

SHA256
8634304fe719ec310a0ad43c7b77a8acc362172874543d45c24816e7b6383a5a

SHA512
a5f1338a23b3bcd31acb1efb0f33125933e9a49c6bceabe3ef363d64c2b2378c12ea1d183d1f1081307215efa49109fd3e40d11a4df99eeba3d24d0066894d01

Download Submit