c5f428c6334a86dbf88eab3e72c843f82d01e96a4c4c8fc66f10a021011b7044

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 07:26

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2e02844bb79b6a6109c979c34e76e78c_JaffaCakes118.html
Size

377KB
MD5

2e02844bb79b6a6109c979c34e76e78c
SHA1

b01a67a038e76d58387875cbfd5faea78193f605
SHA256

c5f428c6334a86dbf88eab3e72c843f82d01e96a4c4c8fc66f10a021011b7044
SHA512

8cd5905c74ef5d349899cb9625f4b3375fc09a96f64c4c652e3ec0143a0951a68379f464fcec6b358aa600e2b48a8c2c7578f01b82d1cb75d1f2e93694b0f10b
SSDEEP

6144:YsMYod+X3oI+YqvnThnSRBsMYod+X3oI+YW:m5d+X3gvThwN5d+X3c

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2196	msedge.exe
2196	msedge.exe
356	msedge.exe
356	msedge.exe
1504	identity_helper.exe
1504	identity_helper.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe
1760	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe
356	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 356 wrote to memory of 3404	356	msedge.exe	83
PID 356 wrote to memory of 3404	356	msedge.exe	83
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 4064	356	msedge.exe	84
PID 356 wrote to memory of 2196	356	msedge.exe	85
PID 356 wrote to memory of 2196	356	msedge.exe	85
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86
PID 356 wrote to memory of 5012	356	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e02844bb79b6a6109c979c34e76e78c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd7e6746f8,0x7ffd7e674708,0x7ffd7e674718
  2⤵
  PID:3404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
  2⤵
  PID:4064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2664 /prefetch:8
  2⤵
  PID:5012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
  2⤵
  PID:4144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:1112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2536 /prefetch:1
  2⤵
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,1069818256159298644,6752532600898545531,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
828734ef1a8720ff08a88ca6c407db25

SHA1
3ccaa364951b799207e05bb7841bd7ac658d1ab4

SHA256
851e73d8b89b84b18706c05cef752f9ea7845c957e6d741195737dbe7344f021

SHA512
1fc57a3a8f62957402a51fbf33dacd554dccb6127dd22688e754311928f52d6bb5dca21cdc3d41155518452bc32c2a4520eb010c18b90f406991158ca70f00c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
583e838d789fcf25b42e49fe7786c752

SHA1
d9401bf49a359527ed834c038703f94a688605f2

SHA256
e742a9ca2cc8ad9c3e010931ddfaa67dfc8a73282971be2d4be6e4919d1403a5

SHA512
204bae57bbba7613928e289f7f0da2a638d41c6e4d8ff638551b539dee2795f8cf39797333efe57acbea78bc22bcd82a8b567dcc3e2fec344d4ba6a97313f57b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac820a5becceea2f6fa2b7e022f67bcf

SHA1
867e2dc4d62127b016a2a3c6a633aa47fe16767f

SHA256
8b293b38417f0e6d0d7beae622adad9253433e30f049379008a30ff1a2b06ccd

SHA512
2c7b1dfcd48dd100096f3ee1793b4990697d77f540ef48443d364b8975b93e75bc7d847e544c153f1ae3221e02a8ec2d949f8fb08cae3b7619446e3961bd5930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
67b5f38e0cf2c2939f5a464377e80744

SHA1
5156d6a5e44d1aaa0abd11a00e5792b6ca359140

SHA256
0860128bc4ef9c7dafc4a30a2d47f54603976548eed1fe1e8ecbef81111b87c8

SHA512
328064fbd47bb44142530047a79c4eaf6edbd2f0c3e01b32049f6683dcd0f45a2a3812e9e054d14e2ba772b2284a82ec2455c7729894acb7cba92f7966a5fdff

Download Submit