a00104a10a6e840e487b74ed55faf189dcfb32a9d035d44c3ad2498f55f7dddd

Analysis

max time kernel
149s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

30fc58b055d65efb3edd790f3172843d_JaffaCakes118.html
Size

4KB
MD5

30fc58b055d65efb3edd790f3172843d
SHA1

17e50fb84c5f9f6c6bcf05237201eb5b60d8943b
SHA256

a00104a10a6e840e487b74ed55faf189dcfb32a9d035d44c3ad2498f55f7dddd
SHA512

eb37b958afa652823f08dc0941fba96fa983ea8ac0fa63a10a42716e9ac160d0ccec60d9558b8c540b3d3d2ee2c49ab72fb8613af3b3d2666f70931f2d90d1a2
SSDEEP

96:UGjmQU+lgNddddVB7PqddzVddddddddddddddddddddlOqPqddt1g6vsbddddddg:UzB+PMf3xxIg1Saf

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4004	msedge.exe
4004	msedge.exe
1524	msedge.exe
1524	msedge.exe
804	identity_helper.exe
804	identity_helper.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe
3012	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe
1524	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 2372	1524	msedge.exe	82
PID 1524 wrote to memory of 2372	1524	msedge.exe	82
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 1124	1524	msedge.exe	85
PID 1524 wrote to memory of 4004	1524	msedge.exe	86
PID 1524 wrote to memory of 4004	1524	msedge.exe	86
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87
PID 1524 wrote to memory of 4112	1524	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\30fc58b055d65efb3edd790f3172843d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff12b746f8,0x7fff12b74708,0x7fff12b74718
  2⤵
  PID:2372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
  2⤵
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:3104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:2452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,3671676899225207379,3521887868042888173,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1824 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
446B

MD5
a9e00960bfbb71e6e20c1dbf8186a143

SHA1
594a696db4c2913d7676fa5f9f1b3683f10ce249

SHA256
d1d70a833f25452ef28afd5aad6631eb3d29c4f61081d68b67b3bdd991bba269

SHA512
36035125eb1fba9cf4d0f018752b99a84cb83480925417b71612fd056f8038d60f152297bb109db26568661e4ce2d92f6e2206a8c4d9dcb316e5e51f69fed40c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
564baed2bce5ed9a7a2918314d68f69f

SHA1
2ee982032dbc7cca9478df9abe0ce7f06b39ac24

SHA256
3fc4bd34dfe595a5c88064c71c019e6a671abf42e4c9880329023f8e4297eed2

SHA512
06e74ac76db518563c92ecabbfb687231f8741c98925ff2c8b7e35ad86dfa73fc4175050a145f180b4fcb9d969d78531bba76f65dc418f2db4cb179fd6c29ab3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a2c80054e82431f8ba4a9f07dd0b958

SHA1
8a609e483a3f3d404484cd54db5a43ae9dc934a8

SHA256
d69b41d3e63e5cf3122a5f7783cde4184afd8af7615e8de637bddca5a3379494

SHA512
83b577e1f160277e950756e5896eda6d35b43c88f498a1bf548d720f866e57a41336df70708ad89ff8a376438ea2eb4a75e53eb0ccc1f304476527e7d514e45d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
367B

MD5
90625c8ab03b269b61b1ebb96d69cc5b

SHA1
8758786780031b3e8297d339125018f5e792f39a

SHA256
3be5e80d45fb0bcf6ae9a9b82add98c8237f49e660777db863751a840f282fa3

SHA512
0b76d083e15367591de2b1717d4bbffafa519b1c30035bf36f8712038c32ca25d3a4d83889964a9b92d549724838af3886a3b0af1c3d90ba89c71fe58f837f14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c275.TMP

Filesize
367B

MD5
ecc06d9befe7858b064a831fff8ae703

SHA1
8aa581cc2c9cd853001cbb70ad330c53188ce5d5

SHA256
07df5bea2d7ace4f07f4a551f11b07d01d4a2d4225ba537f163a57d95a18ab5a

SHA512
1c679a9b78e3b7ace2a0c1923f4c1e195dbe37318d4035ceaf66a11cdb7f309dd71617759d51035ad1340f8e0e63e49d2db2eb2c78fc0c06ee94159618abec17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
df3ff238b442e90e338842e0d0f82205

SHA1
eb62ebbdb4992a2242a9b2c311b613c3455e8dfd

SHA256
78779f768a7bf95fb388c44082b2ff340da0a4de1ec41427dcd474d5dc8a1511

SHA512
2e4cfb6190a2dd0ac2c9ffaa0ced5bde517dd7b51a5bc0e4a521841c6c13ccd4786f668ea0ab5b022fe4a2abf037ffb8874cffb56ba087afa6961db5e5ddf2ce

Download Submit