0fe2e15ec5136c21a1291ece50ac71b39b74352cc44778145bd69141409a83e3

Analysis

max time kernel
139s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 06:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ddaa2787d19d0bbcd9799a2b13c0ea2_JaffaCakes118.html
Size

158KB
MD5

2ddaa2787d19d0bbcd9799a2b13c0ea2
SHA1

4ccdfcbc4fa4094be2357a36b0661a7535648043
SHA256

0fe2e15ec5136c21a1291ece50ac71b39b74352cc44778145bd69141409a83e3
SHA512

779bc69c44ae74e6bd5d61108d21e39d99251f47487e9394fbcba0bffd717e7677727780e09398446456dba1cda116262ae268047b3ce51490685640ff7accb1
SSDEEP

3072:iczNGG6peyfkMY+BES09JXAnyrZalI+YQ:iUEp7sMYod+X3oI+YQ

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1412	msedge.exe
1412	msedge.exe
2028	msedge.exe
2028	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
4552	msedge.exe
224	identity_helper.exe
224	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe
2028	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2028 wrote to memory of 4864	2028	msedge.exe	81
PID 2028 wrote to memory of 4864	2028	msedge.exe	81
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 4204	2028	msedge.exe	82
PID 2028 wrote to memory of 1412	2028	msedge.exe	83
PID 2028 wrote to memory of 1412	2028	msedge.exe	83
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84
PID 2028 wrote to memory of 1888	2028	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ddaa2787d19d0bbcd9799a2b13c0ea2_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c04046f8,0x7ff8c0404708,0x7ff8c0404718
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:1888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4124 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  PID:3648
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6092 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,837313693953190282,1261489925597874399,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d56ad0b0eb7e21ebb475e3f31b522fe3

SHA1
d9b09868800ebba1f38542a676f6951d74328ae1

SHA256
ff42a1ed01e71a324672d374174813dd9923a9f537f1339dc09f559fd65db0ac

SHA512
c3a7315f9c9be1b7394041ed5003c8b11e8b745723d59c870d97b9e6056fd5f0e57baca756a55b7c49688910482203bf55954df8b560a49e7cf5a4808581aff6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf338daa0ece1b99339cdc4865b248b2

SHA1
943b3cbf318d8a0ac6ee757198f2dc9cee358ad4

SHA256
ffe2aa83c90396aa2a455590586f2f75413d41ba319b6528d3591a4e7bacb75f

SHA512
234d06dac75a0758d76ba4f3a2fdae407e8bdf78913450c4b7d1af6ac0f489d57b6c9c6d652193213064d70ede791f7131338688b032e275b62861386ab172a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d23db8c006f0d38cc5ddf9d6b8b391d3

SHA1
f2f81c61b147405794b78727a85e1a5fa80fccd7

SHA256
d8ea51651cbf7d43af74b499cf0a018d84e01f7c3fe869ea43a6264c7a520399

SHA512
21c1b890c57e03554758e738af5d5cff92b616b84ac053a2c8f76fd7ed73eb73998dc61c1224ea9dca7ab5e28b57dd47c94eb2131b411c856375020ad5341023

Download Submit