71d590ea4901ea965445bb91e4cdfeaafe6376f1cd8afbc549da5d69827d5365

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 08:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e422d0f6cf538bf1783058ff9ca29fb_JaffaCakes118.html
Size

12KB
MD5

2e422d0f6cf538bf1783058ff9ca29fb
SHA1

fd33f978d3b389f5c0fd5e6b6c409a05b509f90a
SHA256

71d590ea4901ea965445bb91e4cdfeaafe6376f1cd8afbc549da5d69827d5365
SHA512

4ab2727796557da6a663fbd722202bb19aa1e6ae0b0fb001812105bb74a0ec85bd6c0bde2dd294d5b8bc0a2438fbd8d0cdd3c4a7f97ee13d2b2c6946d473cbf5
SSDEEP

192:53gKSgHX90alRd8/1uJKMuqFNnEJ7xk+cQrt1s9a1UIZg/XAOx:GXet0KRdsNFUNnatk+cQrtH1UYgPAOx

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
956	msedge.exe
956	msedge.exe
3812	msedge.exe
3812	msedge.exe
2080	identity_helper.exe
2080	identity_helper.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe
2044	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3812 wrote to memory of 4364	3812	msedge.exe	81
PID 3812 wrote to memory of 4364	3812	msedge.exe	81
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 1652	3812	msedge.exe	83
PID 3812 wrote to memory of 956	3812	msedge.exe	84
PID 3812 wrote to memory of 956	3812	msedge.exe	84
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85
PID 3812 wrote to memory of 2916	3812	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e422d0f6cf538bf1783058ff9ca29fb_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb923946f8,0x7ffb92394708,0x7ffb92394718
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:3764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:3808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,10330863955168865767,9423822981623443474,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2780 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7b164d25622ae6adb0afc9cbbded676f

SHA1
22a37f577964cea112f8178acac6301b46f4ca32

SHA256
3d0c0b486cfd5ef14d86478b25c52a90781c246cdfd1c8d5991d1e9bffd0bf34

SHA512
aa80fcc316159dfb50244d1cea06cd97f31d2332bc0da96377a53298b87eddabab5a0c733a501cbae2ebaffe30600a45e44bec1e73d1e0c2e494cb7d0ce24af0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdb505b23dac550b64858d822cf38a41

SHA1
297eefd652e8ba3dc8e7f965fa5b0939c519e766

SHA256
55be155c9a283e449f107f2dccf083ef23b7bd087f5a23d00be2c192be52f3f6

SHA512
fd1a8d7369db1091faee35d6f520df3d3232b2b024f8be6444abf9b1d69e7717b0894a145de4e41c8080378fc900eea01dac49cadfa6144ceddce78130440d40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cf0baacfd227ca059c434d952a12915e

SHA1
57c164f6c17c9b55b51abacdee488b9c6e0c11a8

SHA256
c235f75e3fc53862a2884d7feb8cdaaa2e957d8d9eaaec5b03f2700445740322

SHA512
d7b2db945df5291be894e275970a2cdb9e0cc5e9bba8a04223b679529efc8957998273fefed832d42534eac42ff9b1944c5ce5d2a8c988beb9d7671a61448657

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2490b74c29f95b7df66d88ff5c3ff7b3

SHA1
24713f1cd663c615b38263e03571f52bf4a04dd7

SHA256
ecc6f79d48d05203f0c66e05b660927079716f45e76de946e56321faa9387a69

SHA512
7a3aa0d87df87340b1f7b064b448efd41c3504a55999f0f091c035f144f70859feb7cad22111b92135048441690e2ac1c9d40ed17da72939bf232290c22193e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
532B

MD5
be2406b61a63dabb022fcd067b3b7da2

SHA1
7f8440fc2c02c1a6d150a6962ab5471e1d42deeb

SHA256
c87519f4e8875c29bf583862e7a709eb4c3b56231e567d319c8018ed90d61e95

SHA512
3e8bd52e184d381da05c9f506e1e670c246a7422e87780d48b96c5ce62e9b6a626cf9518a76448d2de4aa6906028518c110aaf2cee28796d22fcfe67c46ba34a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57bf29.TMP

Filesize
202B

MD5
cbb053705cc2ea43120d3e8697e9cef3

SHA1
1e8dde8b140eb88720394b4210592cf976f5b315

SHA256
3651940b0a3d60ca61e955da710dec91ed9808cf5e5e9f9f8e0bad465a7e404d

SHA512
b553b9bfe1e662d4ac3dcc8aa8740e1d6c3543862feeffaa3e8681c65848a6439a94bf553f11cc37b7de098ead7322facca6caa7115c3457cfd39bb23dff1517

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d68e7e31f94ace5503d5b1463563de40

SHA1
a1f0fa408d7478092aeef92f2dfc047fcaf6aa69

SHA256
457c0eb9b3d2d56898c835416059e207e3d2a8a3e1c6c64b7a441eab02ccde96

SHA512
7fa386f932d20b72fac99ed8f1d6b1aef43f852b6e31357324db2e54c26752aa998626885608db3c41497e6a32e0e73b44a06896082a41e70b36d640d864bfb4

Download Submit