36d978684f280132a1a7f07544193e76fc5ccd8bf9df7ce3589ec01150ace863

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 22:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

484a814d569d10cedc0bfa17dcd3a257_JaffaCakes118.html
Size

14KB
MD5

484a814d569d10cedc0bfa17dcd3a257
SHA1

6c25286886dd551f49d2b54e20bf83ae58fef508
SHA256

36d978684f280132a1a7f07544193e76fc5ccd8bf9df7ce3589ec01150ace863
SHA512

31a0fc826d656b34e41d0d02a12fb625fa64e97aae38bb24c29f9cfbdb28b0b708ad3e23e530ae0e1363a683c456d4c25656fb35625e444ea9a4a9b9e166159f
SSDEEP

384:PtSShHNxPMOsi/uLbsZMe4uxZVuGvIZbhMSfztiR:PtSShHXPMhguLbsZMw6GmMSfztiR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3620	msedge.exe
3620	msedge.exe
1836	msedge.exe
1836	msedge.exe
3124	identity_helper.exe
3124	identity_helper.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe
1664	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe
1836	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1420	1836	msedge.exe	82
PID 1836 wrote to memory of 1420	1836	msedge.exe	82
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 2728	1836	msedge.exe	83
PID 1836 wrote to memory of 3620	1836	msedge.exe	84
PID 1836 wrote to memory of 3620	1836	msedge.exe	84
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85
PID 1836 wrote to memory of 2868	1836	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\484a814d569d10cedc0bfa17dcd3a257_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb55f646f8,0x7ffb55f64708,0x7ffb55f64718
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1768
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6080 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4196 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:3512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5040 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,10806350556146825122,3296934833485494345,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4916 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3740

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4624

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
309B

MD5
0e7fc50f12e3d3cee72a4de3e86bddb5

SHA1
01f9598dea31e1591fa8a6d6acec9267bcd6f563

SHA256
ecd84bda10ac3f9e8a2b74a6429874353c7725b6b11136aee5a323f7476c62d2

SHA512
6c0523692555ee3f69f8f545be34c307af5e73e2e7c9b3c570154a0a585b66d2a5f347ca91e41e70e669e9f8592f14207d4b09df3fa57f00b345da2de697d426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2706d5a8d7cbb2f1f353875d733f9123

SHA1
02848eefe90d6c614f4550c211cb2d1ea125c1eb

SHA256
ea47dbe4d9561216fc0ca45efdc646b509edac6c744541946e0a4a1dbe5d2230

SHA512
d3b14931c46e74f5769b300daa143c5da8da8892f9305e38bba10c722afdfae12b2fdd539e3d7b866e4d1ac17de757719a931c579ae1cbb5c48389099a8401ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
209ad763e2732c425ac21c390f38405f

SHA1
d4380b42b119ec935b590c2cddc7e81e5ac1ad62

SHA256
eef5be03ac76e7b328200a71a7b1bcd46abd7e933eb919d71fa1eefe0a2a4d1e

SHA512
0a05b9a7afbf3db51dccd144a04826db10b3c1ee8a43ef0135aef141b64fd4044613708835103409352c104c51271999331bba9fef6a2f685feedf9072984b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4c30b311535d9fd1b6f4cc6f6c6cd35a

SHA1
3d9ea1cc08fc5e81e553db7297109502c81d2aaa

SHA256
9414bcc3e134e2114267c91096814c8d68b7286d2e3ac7fa439d67cefec7ac6a

SHA512
82971c612d9f693f422b56368ba1b956fd46e00dbd1d992b25389c604f44ad64cad7189f6e88f521d1a7211303dc9c9c4adac6a226d05c6a67c6d48f9fa44dee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2597e746e58844d363f41265e308d543

SHA1
64bbaeefda03092342b27bfeaa339ea1d503efe7

SHA256
8bf57c48d0906bac8a8642cbd7f68f3c413cd25427a048ebd733c7ec27b6724c

SHA512
fdc42dc047c31cac311f3c953ef93faad8c210651aa406a5a96302b08271fb64b868349e29fd7ca0b283c066e538806b6808bc1017b576acc788c8d1b3c920f8

Download Submit