c9f1e6d2dbaeb0ce84305e51a468cf57926b11b6d902b60810fc772294570bed

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10-05-2024 16:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2ffa84ba840c1a20e62726d38ec7c166_JaffaCakes118.html
Size

94KB
MD5

2ffa84ba840c1a20e62726d38ec7c166
SHA1

0d5eb9b9d324c0b63bc0df8e4e3105e6b5a681ba
SHA256

c9f1e6d2dbaeb0ce84305e51a468cf57926b11b6d902b60810fc772294570bed
SHA512

5b7f77218246ba35b73e09af3c99ac467fbb73f0bc9f42f684bd985568b4f52b9207cc197ce8d37f4fbdf2bd86e3c15252de4797af5a9a1f9de5e1e5cbbcd5b5
SSDEEP

1536:OaeqobG1ml//wJpDp50JpIvJxHLUEWxXs7W7tBvdzXaGBJvs6t+EeI2UnsZQFpQ/:OMUe7W7vvdD66E

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3176	msedge.exe
3176	msedge.exe
1428	msedge.exe
1428	msedge.exe
3484	identity_helper.exe
3484	identity_helper.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe
4108	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe
1428	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 1200	1428	msedge.exe	84
PID 1428 wrote to memory of 1200	1428	msedge.exe	84
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 4228	1428	msedge.exe	85
PID 1428 wrote to memory of 3176	1428	msedge.exe	86
PID 1428 wrote to memory of 3176	1428	msedge.exe	86
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87
PID 1428 wrote to memory of 3740	1428	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\2ffa84ba840c1a20e62726d38ec7c166_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ffbbb3b46f8,0x7ffbbb3b4708,0x7ffbbb3b4718
  2⤵
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2308 /prefetch:2
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:1676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5828 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2300,10328769706139024426,11588800060091924095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1052 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
6cf41933d8f2a6f4738da67c5ec0de3d

SHA1
f22f79bf80d29b85285a6b27a63c288d4214ec11

SHA256
c57a8cfe3f5aafe52b1110a25293c174bbd21c42999023eb1fed427c40493647

SHA512
4682bbb735c3470c1fb7303a51b3810aaf12b302a71ce8e402c473b605a996060f28c6499f82839e213cbdb17b27c4d2b64850c9784810c865c30e7745704323

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
efb7b6b1675347e27df39e5f67f23a21

SHA1
8db599804610a7c2d1daccddf5c5b59279cd1195

SHA256
9098928286c513e4e14e068c7db54b40f6252298e911ac1e2c886aadbbed31ba

SHA512
33b46fcceea8d66dab8ff220c87bf580e749061c6fa4cc01befe41942eeda71b9c2dc17e298a35328f66ad05fa6635c37f4c8395d526367d945b6b1267f5de0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
adf0215db6536df211f4b92268c6572e

SHA1
221ef325a6b5b5b4ef5182dc10fd269970ae31de

SHA256
bb03f4b08650ed450f67c1f5129431e7fdb723644cae5096b52b50973f0515de

SHA512
a2d17d56ed1902146106dec2bfa79bca33f659ea3dbecb2721a9171b8306d66b5bf952bfb87326f7818ff1c564a33c0e997cd17b8641c9864e6d6762871327e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cdd9ae9133a078c9368c03e550f82b0a

SHA1
5780db3bc7bcee6530342adcb33feb4c57be5a7b

SHA256
e3e92f5b9412dd1a26ea75d8b736cc4a97946ad483aed200ae89b88dc4b21469

SHA512
90b25033a6d0ade252004b6f6e4c861182786ce0f07ab01f82ba85019442ee16217454184ffc5de0c0f15fe27f27c9ee8b8d0ccb4dba20396100fa145d1d6053

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d9861b2e083b1558bc0db16dbb2a8be5

SHA1
70c43f4cc5a6626031f135379a09a978a044e06a

SHA256
c649a5498fab7527dfac3f48d106bed5ef501446481d414b0064c4d270a66812

SHA512
37cde72fbaa1ad8d79c2ef6002b87d285a0304b45bf871ac64983105c3b63b852d8b7be9c20c04cba04e73f36d7593dc5a317db8df3611e5e53e39e3c9891804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ed91e08910001e93363b326d28d0abdb

SHA1
799abf416a1f2c90fa710626f3a90a6b94f3fad7

SHA256
53f5e879dc906f572d6d99b047da8e63bd50835510a454c6295d3ba3232880e4

SHA512
cdb4a01b6b837cea18a03f108dc09b1553a0f9d1ab136bbee7ea4f6ebc4e7a533af58d407df158def48cb5a8635db30ff25b951654db4d250b84d7e513d675b7

Download Submit