20c2ed89a36b41306bd4b27f0561573e91514aa1a67230688926afe8b755c510

Analysis

max time kernel
149s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 05:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2d9fc88c795bd4dbf7a3c116623b4db1_JaffaCakes118.html
Size

90KB
MD5

2d9fc88c795bd4dbf7a3c116623b4db1
SHA1

a6ed26c0c204ae1599c6ba28307ba5e39f9c38a2
SHA256

20c2ed89a36b41306bd4b27f0561573e91514aa1a67230688926afe8b755c510
SHA512

002384eddba8d106021a11009b092d7240e07278712c69b111bd1fcef73815d72544e66ab6bc6c34ca63a21df3e17316f49e955e1171e5b481782f818f99a496
SSDEEP

1536:5IHYMJQjrcmTTbbhh22IzaLeH1OVPF6rPrQM5rjr/rw/37bAQiLK:OHYMfVOVPFj37bATLK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2940	msedge.exe
2940	msedge.exe
4788	msedge.exe
4788	msedge.exe
2936	identity_helper.exe
2936	identity_helper.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe
3616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe
4788	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4788 wrote to memory of 3120	4788	msedge.exe	82
PID 4788 wrote to memory of 3120	4788	msedge.exe	82
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 4960	4788	msedge.exe	83
PID 4788 wrote to memory of 2940	4788	msedge.exe	84
PID 4788 wrote to memory of 2940	4788	msedge.exe	84
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85
PID 4788 wrote to memory of 2332	4788	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2d9fc88c795bd4dbf7a3c116623b4db1_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80f8046f8,0x7ff80f804708,0x7ff80f804718
  2⤵
  PID:3120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:4960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2584 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:4404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,9405620257135779238,157112971864006444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5396 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:652

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0ab1518b75d988c395eb114e60ec9e51

SHA1
29268b864f12125cba999b6cb81a62f1c5edff33

SHA256
720c14c7bdb164051a60d97495e98b3b9ca47c21fb62e1bbe4411f974789e9f0

SHA512
b20f031722f8f3d73cea8de067b240e6e1b9a7f5dad9e1f30e8ab93b61a2775d3b8299ed82b3cb8a44762415fd87898c64c7fd97e98e82fb907f1d548d259ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
027388d9391849542c7f5e8476597d66

SHA1
da4a074714b16c646bcd727219592a7279267c03

SHA256
d0332b6f36f5508cce5d10b24aa37a710e334cedd0ccbef671f2abd547b50506

SHA512
2119c87ad31cc4d515cea39914f9601b37e348efce6f1ab09d6bd565376cceb049648140fd89a2e399b80fd51f863fd024bf6261cb389c39e67eea7fda3fbedd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8203fb12de7d92912566815591ac2d85

SHA1
ee64818cd899a5d1c27399451585a56451e0b34e

SHA256
13d7b6811b9359510b3271ad5471b5ab6527d741150770be62ec7511397a1d52

SHA512
cef96641e68a1a93d8384ee26bd7a51958e26fba0a73e8228185f178a0db2e26c757d1d83ebdf44771589d2345f4c58fa30c50c2884dca9de66be6c5b0ed0e7c

Download Submit