8f0d3008ca9ea13e74621500f3b80652807ef6a9b2423d9929cb710bb4c3bac2

Analysis

max time kernel
145s
max time network
137s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 14:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3aa6af785d2ae33c0fba22cc744159fe_JaffaCakes118.html
Size

27KB
MD5

3aa6af785d2ae33c0fba22cc744159fe
SHA1

b4580f2f5ae706f8e7fe53d788e1563cbb1cdfaa
SHA256

8f0d3008ca9ea13e74621500f3b80652807ef6a9b2423d9929cb710bb4c3bac2
SHA512

61a0468e302414adf92613ea77030702d5de88066cc7dfe4e1a37e390f1aeef9cdcfe3853dc29cb8600a4414a74f18adce691bb5d4d78ac9bf47cb319fa3f3a0
SSDEEP

768:LMfb7IRIOITIwIgIEKZgNDfIwIGI5IZJ7SfIRIOITIwIgIfKZgNDfIwIGI5IVJ7z:LMfb7IRIOITIwIgIEKZgNDfIwIGI5IZP

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4648	msedge.exe
4648	msedge.exe
3576	msedge.exe
3576	msedge.exe
1528	identity_helper.exe
1528	identity_helper.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe
936	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe
3576	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3576 wrote to memory of 2576	3576	msedge.exe	81
PID 3576 wrote to memory of 2576	3576	msedge.exe	81
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 2228	3576	msedge.exe	82
PID 3576 wrote to memory of 4648	3576	msedge.exe	83
PID 3576 wrote to memory of 4648	3576	msedge.exe	83
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84
PID 3576 wrote to memory of 2792	3576	msedge.exe	84

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3aa6af785d2ae33c0fba22cc744159fe_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8fd0746f8,0x7ff8fd074708,0x7ff8fd074718
  2⤵
  PID:2576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  PID:2228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:2792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  PID:952
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5588 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,7768579112176409704,7302649391233951770,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3956 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3600

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4772

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
308B

MD5
eb3f79d00d500e262922bc054e028ed6

SHA1
f28673a80c030bc81948c52fccce540f4a848995

SHA256
e71b607cffcc4fc50ff7b1f88919e9bdf088e7dfa681b7d8b869ad53266c9b28

SHA512
9dc1bf8f24a8f9af7528cfe6f156bb179a30578efdc7326f40b331cfccc65346030d523ea255d18e2859d3df9b2e2a6f4e2fc78563f2976724822f1b04a9f11c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c6774b665868b299e0cd6e35d9b5399

SHA1
415b9657decf76b735c239b817bc1e1cce718e09

SHA256
1d260fd09b9ab97db9a94dd48ec963ac1361948b697d32b8c783087e5eaf7223

SHA512
c311840621756f76b892d3c05de2eba109fa85d151ec2a48add7ce65817fec75e4afef6c13fc7f78438857dbcf2fb805858368658a28eeb70fc5057dfc973b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
daf3caab8532e3436c492eed4f0d999b

SHA1
d06f92e4de8fe4bb47ab7bb8f012a1f0f897de3e

SHA256
ae81069dc7497e5cfb2347b7cc54ca8b0912545df29732940c100630222fb2a7

SHA512
d6b84d521a36829e41066b4c676615879b95e5220d56cf52c56430948c1d7dcaf52d8cffeaefa8b24124b0c05bca8f126b3933e064627cd46e4f1a69957feb41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f0993b00ada83bf25493fcf7d39c7c6a

SHA1
4ad419aa2c68c7fb157c207e10ace56033e20a1a

SHA256
bbd6db4e6325b8a7ef2a1b7f332484c6a5fd3f3942e43f5ccd3db7957d1f3806

SHA512
e0f1b70d51ffc626a43d5a2180dfede8125bb623d34013633ac233e8e901394a0e966207ec9e9ac55ab9860b7a81ecafaefd4bc626dec22d927a575f05605c4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50a4c959ce4c870f00ffb1b1763d634f

SHA1
43f9d4fa87e9f3465e28724083c025c86c22ad82

SHA256
cad6f688d34193c2926f6716e1da98c09037b71532b001dd39e4a41680b09b04

SHA512
7c5884c9242fb6c95258d9ae64e0e7c2d5546498c8ccb8101a83ce6a95ecf727627997e01ca5f9dc0f3c0ddf24f559b7411a9d6ce0e2d1d5b9217bdb703e13eb

Download Submit