70bb51f83326bb06c45301f952e626de5425a2e7d142002a4e795cf6e977e6e3

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 14:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fa1a1eec4e9f7407490d77e63984ad8_JaffaCakes118.html
Size

8KB
MD5

2fa1a1eec4e9f7407490d77e63984ad8
SHA1

cca731a458958d8ba66a1f9f77b2f729fc6e1ef5
SHA256

70bb51f83326bb06c45301f952e626de5425a2e7d142002a4e795cf6e977e6e3
SHA512

4b8ce7949cda4ccbf835789669975ce0e8106a79b84f1f03fb1149e81ddcf671a4beb37fb71d85601f1e13aa93f19944aea41caa4ed17584e981c40b735334b5
SSDEEP

192:SI+Fhri+KLF/sbF3jc00En7qVYDkvkE2F//J1lax7TR9PAlzLQ42GWGkP:SIui+ctcqncTx/XMfP8zLrWlP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2256	msedge.exe
2256	msedge.exe
2284	msedge.exe
2284	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe
3884	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe
2284	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 856	2284	msedge.exe	82
PID 2284 wrote to memory of 856	2284	msedge.exe	82
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2940	2284	msedge.exe	83
PID 2284 wrote to memory of 2256	2284	msedge.exe	84
PID 2284 wrote to memory of 2256	2284	msedge.exe	84
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85
PID 2284 wrote to memory of 4584	2284	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2fa1a1eec4e9f7407490d77e63984ad8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff80f8046f8,0x7ff80f804708,0x7ff80f804718
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:2940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
  2⤵
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7703381804223736448,5489069420689878448,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56641592f6e69f5f5fb06f2319384490

SHA1
6a86be42e2c6d26b7830ad9f4e2627995fd91069

SHA256
02d4984e590e947265474d592e64edde840fdca7eb881eebde3e220a1d883455

SHA512
c75e689b2bbbe07ebf72baf75c56f19c39f45d5593cf47535eb722f95002b3ee418027047c0ee8d63800f499038db5e2c24aff9705d830c7b6eaa290d9adc868

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
612a6c4247ef652299b376221c984213

SHA1
d306f3b16bde39708aa862aee372345feb559750

SHA256
9d8e24c91cff338e56b518a533cb2e49a2803356bbf6e04892fb168a7ce2844a

SHA512
34a14d63abb1e3fe0f9927a94393043d458fe0624843e108d290266f554018e6379cba924cb5388735abdd6c5f1e2e318478a673f3f9b762815a758866d10973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
181B

MD5
57038b08df22f2c42536035231093386

SHA1
43a2fbeb0fe009bd82d42355436599a3b5d3a212

SHA256
e288f13264e78b55850890ba700d2a4226ebd377b5082e939ee9abfc288252dd

SHA512
0115947f8289408b25d68ee754784d5e723dd6b55267fc1ec1afda2c75139f34bfba7bfaefe3763befea8cd82468f2a4099b32553aba53dc1447cbb3c2582fe0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4985ba9416f7b7003c660309b0a21cc6

SHA1
b78b2b83fd1d62b3837dafb87add1b0aaf34b99f

SHA256
1fd398bcc9af485df8c6866562488c4085267b7f4ffbfb59d57237c9d0ee3ddf

SHA512
8b2596c6a5ab96416294035a69834e90ce216b50b78e1fb4d9e44b6ff4df2718340c10677649dc0cd7e93ba22f09669501e98748a9663af62714f5c939048cdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2e194e5e8ccce055a6aaef723e81b2cf

SHA1
866d5a4a293534d6dcd50c255bd9b9cf9e87ef29

SHA256
291f3fad01d080cab1d3281715883be9825a73716eb6698682cf4c5cc0d21422

SHA512
8d9e3dafdf2673ff9be28abeda5d504cc13ca30db48ce10b1743e3b5998ccdf0b04aa571c5c9528ea13cde722e5ceafdc3a7df9a205a4e92b0d102ea912bcda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7b867a227389dc75a9a8ab5cc1a3388e

SHA1
d5218107d1ead6a223f6da15e1eb05f994fe3e12

SHA256
68605faf3bb082c383429c280a0639cea85af148af9052b7efa4af8da1853d1c

SHA512
53d565e48092de138da524a08d8a9c9a6ade3004c7a7e345c556a4a9b7e754ddc6d47d7f11199ca557ad4214d3688741654cf2d5ac82ab5ea8e19596a846da62

Download Submit