511db444c3f31b8e592ebf4795b0d96a0cf7a376c654fd1eb10ba6e8df7852e6

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 09:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2e8c0684c825b4a28faa8b45d6c2dfbf_JaffaCakes118.html
Size

23KB
MD5

2e8c0684c825b4a28faa8b45d6c2dfbf
SHA1

a90b4fffb32a3542ee70a110f6917a114713e560
SHA256

511db444c3f31b8e592ebf4795b0d96a0cf7a376c654fd1eb10ba6e8df7852e6
SHA512

01efdeb2ef337f429525c306deadab9eeb6f365ac6897777b14b935e8c6f12294da4956e001adee0d2385206e9a66cdcb4f0ae5e6e1636712054e4aff1600b94
SSDEEP

384:SICKX/eUvy2snFbmdmoQvRcBwhUMcfgMSQsOMbMgj4:SLKXprsFaoyfhSQsOMbMgj4

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3028	msedge.exe
3028	msedge.exe
3996	msedge.exe
3996	msedge.exe
936	identity_helper.exe
936	identity_helper.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe
1136	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe
3996	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 4584	3996	msedge.exe	82
PID 3996 wrote to memory of 4584	3996	msedge.exe	82
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 1464	3996	msedge.exe	84
PID 3996 wrote to memory of 3028	3996	msedge.exe	85
PID 3996 wrote to memory of 3028	3996	msedge.exe	85
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86
PID 3996 wrote to memory of 3160	3996	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2e8c0684c825b4a28faa8b45d6c2dfbf_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffef86946f8,0x7ffef8694708,0x7ffef8694718
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  PID:1464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6128 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,404071137491343550,9982986435667794970,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1136

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f61fa5143fe872d1d8f1e9f8dc6544f9

SHA1
df44bab94d7388fb38c63085ec4db80cfc5eb009

SHA256
284a24b5b40860240db00ef3ae6a33c9fa8349ab5490a634e27b2c6e9a191c64

SHA512
971000784a6518bb39c5cf043292c7ab659162275470f5f6b632ea91a6bcae83bc80517ceb983dd5abfe8fb4e157344cb65c27e609a879eec00b33c5fad563a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
87f7abeb82600e1e640b843ad50fe0a1

SHA1
045bbada3f23fc59941bf7d0210fb160cb78ae87

SHA256
b35d6906050d90a81d23646f86c20a8f5d42f058ffc6436fb0a2b8bd71ee1262

SHA512
ea8e7f24ab823ad710ce079c86c40aa957353a00d2775732c23e31be88a10d212e974c4691279aa86016c4660f5795febf739a15207833df6ed964a9ed99d618

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
744B

MD5
1808716c0ba20464926bdfb5f17046d0

SHA1
18fd32dcefda073bf97e1c0166fd4039d71d9593

SHA256
962cefe851f1e05139ca487bd8b7c50df43f7a7a2c7aab3789bf9e821e3edaa3

SHA512
289a58b1efa69271dad25da81dab5a23b9792fa82101d07769acd5483fb735e57c01072b3d27a1d5b4e6bf9e0a1e2d6b216fe1221bb27a970c057d872857e131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d31a1779ab59f857f9fb61df351ad1ce

SHA1
75936ea35ce77049b2106107664cb65fd6e64834

SHA256
b7dc265e006e71dfafd19cc19fad393172a9505e037f98707cfa35b3f5411137

SHA512
e1cfdc972f13897adad2b4baa3cca8cb81806941dc8990e21fcbba73167013794a9e126f4431b432f99d17b8827ec7149b96d4ff9e890f9c0bbb4b3e244100b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3413e4dae759ea8810627433090ee8fb

SHA1
f6023ea1f82eae4a3228fd398382d8bcd4a1ef0c

SHA256
c2e61caf2632ad41e0902cab18414fa2b8cbd88794215fb1761e4e6b7e5dbf3a

SHA512
a8b9f60a1f4b51a9358b16310c76ecea9deed5fd11354ea1130feaa9426d6b38f3f5f9697c96232bffc3ee30e6454cbcb79b15318702a48548765443377b43cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1822b13338dbba5033364abe7b06dd90

SHA1
9e3dbc6fcc7cacee3445142b778d22fb1fb1d5db

SHA256
e08e486fb3bad58eacc11d1223952236c3eb84ad73edc35d13861d1a609de653

SHA512
687071b2a35a7d0a92caf50befd57714953db0efe0b7f6e600a06ad6a1a9bbc71390ce6fecbbdeda9901d86721fe37b33068a9eed8ee741194a2694e5620b80f

Download Submit