15b20c75fd01f706c20147c472c49967d68f8b3b22edbee4e3c834bfdf15aecf

Analysis

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
13/05/2024, 14:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3ff4dde2726c4f439b651077293edcb8_JaffaCakes118.html
Size

40KB
MD5

3ff4dde2726c4f439b651077293edcb8
SHA1

12c1c232ddfe44ff78133efabe2235de009cfdb0
SHA256

15b20c75fd01f706c20147c472c49967d68f8b3b22edbee4e3c834bfdf15aecf
SHA512

a8d065d75a227438b89e38115af49dfab8f46f77c1baa1f25c67adc9a500ea5bf5c60852d72ebf2d5d1d968b0960492c8cd84cbc293e21351490a52673687beb
SSDEEP

768:2K4ngbKBh8u18MHAe402wAJy7cvcCiJ4JMoKF4GVlwJppFMzNU0ktaZbu8:2K4ngbKBh8u18MHAe40XAJy7cvcC0kt0

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3456	msedge.exe
3456	msedge.exe
3508	msedge.exe
3508	msedge.exe
2244	identity_helper.exe
2244	identity_helper.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe
1584	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe
3508	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3508 wrote to memory of 4012	3508	msedge.exe	83
PID 3508 wrote to memory of 4012	3508	msedge.exe	83
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 2728	3508	msedge.exe	85
PID 3508 wrote to memory of 3456	3508	msedge.exe	86
PID 3508 wrote to memory of 3456	3508	msedge.exe	86
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87
PID 3508 wrote to memory of 1140	3508	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\3ff4dde2726c4f439b651077293edcb8_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f44046f8,0x7ff8f4404708,0x7ff8f4404718
  2⤵
  PID:4012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2276 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6028 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4148 /prefetch:1
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,5489349309228582707,2629101201743621711,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1180

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a8e767fd33edd97d306efb6905f93252

SHA1
a6f80ace2b57599f64b0ae3c7381f34e9456f9d3

SHA256
c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb

SHA512
07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
439b5e04ca18c7fb02cf406e6eb24167

SHA1
e0c5bb6216903934726e3570b7d63295b9d28987

SHA256
247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654

SHA512
d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3408b423-0523-4fdc-85cc-074d468c3bd9.tmp

Filesize
6KB

MD5
68469eb63087446a878f3453f053c069

SHA1
116bd6fd72f1fb90c922b5ba1b7cf562ced12639

SHA256
f0a6a0287b89a9b60fa7a8b5789df650d2696edcdb478f08de843f1d105d4854

SHA512
9194f2df1a35eb2ae080c122bdd7a64666bd35937b169afa9f5524ef93b37cf7ff4c0db5405381958a27cdc88d8e6b65f2744aa36f26cf68ebdcd0374e18f1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
189B

MD5
81a31eb5c2bf65f30aba2326f0d80104

SHA1
72528063c97eaa169153b025fc22e6bece041391

SHA256
fe625e27194f319faa5705c475552adc0f49b2df0bff49a8ed29d42e2d8e8863

SHA512
70c721524717d3352f31096feef9cd1add3a8d8e6e05dac824bedde1c41850bb24d521b7a4f3c729394e3a708877045637204e1042e4a7df11c1d33ea9c0b3cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d7823ebca248b0212b3ec89a8b5addfe

SHA1
6b5d5e3e03108487123503264904fed8046293c5

SHA256
fd816ed99ba8e586799ef3e2ffd31c088b6e583b5919e0fd3fb17fa62111bb64

SHA512
52619cfb046c09b89ec1ffb3c1db0dd0348afa99f8efb7f3b044d353d8c4901ade341d3b9ec86387c0def602c71f78d9036233f894bd5cd4f0eea7372b76ec96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4e42588898e5acca20ab9bd6b529e491

SHA1
565fcc86598c5130ad6c82cedb481cdf995b02dc

SHA256
dd88c0c19a5606513c967977fbaed2eb35f4a312ce5b157347d0b0d4759776f3

SHA512
46f04ac668bbce827b4e8d90bcd52b9063c5de327b65ceb5cab25325c224db02684f62f5311525c34422dcd30c90cc7a0caa20c51bd7f44bf82ce88e5f68bb75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
018a32f11205d0b418986462be797ab2

SHA1
94d6041ab3798fe3a868ff60da294377e60cc013

SHA256
2b88b5f884004f44d4ff7440b3db687bec4e5be205033b390e81610b63535eab

SHA512
1e599226bc1b89f28fcd6483d19aeff9dea6c7fcfbf834a9d4d71f9be6675d791cb623fdb516e9b1ba22afacf1826b4220d1e1c8bdad5a58ea9855a0ef08233e

Download Submit