9948cb3aa98792a12347c15f770713edba0ee7cc286634f24bd6fc0cf7bdfa55

Analysis

max time kernel
149s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
15/05/2024, 11:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f21e0f82c04d2220b63c5ab001e20c_JaffaCakes118.html
Size

4KB
MD5

45f21e0f82c04d2220b63c5ab001e20c
SHA1

caaf83570f7a63b91805a7c56aebc71bde93b609
SHA256

9948cb3aa98792a12347c15f770713edba0ee7cc286634f24bd6fc0cf7bdfa55
SHA512

8bcfa3b29c6950cabc3376fc5ddd664a2185374f31327b804207b5e56cf4e90fa0afab2c221c8cdd644a9486a73b09ae543bc1319cf7a934cef142880d3d5b7d
SSDEEP

96:mkua2Rg7h3Z7phL2VDo5DAEMtGgO+XSNPQSzKBI4i95MYKFUOMXQNAdt:mHRg7h3Z7phL2VDoRwto+CXzKB14MYKm

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4828	msedge.exe
4828	msedge.exe
3800	msedge.exe
3800	msedge.exe
3908	identity_helper.exe
3908	identity_helper.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe
3800	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3800 wrote to memory of 396	3800	msedge.exe	86
PID 3800 wrote to memory of 396	3800	msedge.exe	86
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 2120	3800	msedge.exe	87
PID 3800 wrote to memory of 4828	3800	msedge.exe	88
PID 3800 wrote to memory of 4828	3800	msedge.exe	88
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89
PID 3800 wrote to memory of 1164	3800	msedge.exe	89

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\45f21e0f82c04d2220b63c5ab001e20c_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb324046f8,0x7ffb32404708,0x7ffb32404718
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:2120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
  2⤵
  PID:3716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:1820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,6275225782721709137,14704332757696767375,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f7152bc5a1a715ef481e37d1c791959

SHA1
c8a1ed674c62ae4f45519f90a8cc5a81eff3a6d7

SHA256
704dd4f98d8ca34ec421f23ba1891b178c23c14b3301e4655efc5c02d356c2bc

SHA512
2e6b02ca35d76a655a17a5f3e9dbd8d7517c7dae24f0095c7350eb9e7bdf9e1256a7009aa8878f96c89d1ea4fe5323a41f72b8c551806dda62880d7ff231ff5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ea98e583ad99df195d29aa066204ab56

SHA1
f89398664af0179641aa0138b337097b617cb2db

SHA256
a7abb51435909fa2d75c6f2ff5c69a93d4a0ab276ed579e7d8733b2a63ffbee6

SHA512
e109be3466e653e5d310b3e402e1626298b09205d223722a82344dd78504f3c33e1e24e8402a02f38cd2c9c50d96a303ce4846bea5a583423937ab018cd5782f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c06d211-c169-4472-aed4-56d7ab95e0ae.tmp

Filesize
5KB

MD5
f91cb95e007bd92b3e2982a1e2458a79

SHA1
6c986affb16087d3d9220a92d09b560a81f8a5c7

SHA256
fc6e6e521daf068c19dc3a80e8f8be18bdc976c0c4e48cb6e83731d712ea08cc

SHA512
10886ce8e546b3f920aa55c27f4ec4524df3f1bce0eaa0fb507c4018fcef741074aaa021d0ddfb5dced9df1f8437e3e735a5beaaf643534c96c493d343733014

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
460B

MD5
aadd521346eb3a33e6e0d4da614e8a42

SHA1
a8e65e4db1d5ed8cb3a36aa0ee417df1642d410b

SHA256
e1a6ebbd1efb6d8ff26866763308f026d6311eda8f13b403c55295cf991a599f

SHA512
0789306ce78f0c12307768473c545b48b0c54577e32e12a52957155fe621a4406e8f2cd5adf687cd4f57f3650d0711be6faa0c71d54f399777ef036307c74522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
73e38c1856ab7004668a1a263c785938

SHA1
181259370b81cf7cd0fba583acf931ea9cc03f0c

SHA256
66dfd1c39e872983dab0888ecaf0293457eede414ca610465e4f207ddc080018

SHA512
650f437150f4b22694dc5402d7b8db2d3a86e36ad6a72d288e6fcaaf4c340ce485e70fb9b6f1128777c89c5f378bcaf841dd61ce1838835dc4ddb5ee1ac3c3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c23cc2a364ea71cb4d0247acfca5274

SHA1
1906d63f60ff56094c5e4ee7e9f936304ee7e428

SHA256
fc37c6abc5b15fb6e9ce831c749cdc74f7011e6207c40f4243f9fafb703d8fce

SHA512
f41feedd334c93d977ac8a70d088eb41aa33a415a6f09cdffb028a3822902af4ab9f0e5a22280c33bcc3622e8e86e1c8d129f535e52b53ad8e2234eac30569b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
064104ac47986b0be3ead6593cd9f219

SHA1
95618668b3c2c5d761990f056e1d97b7d3d7360c

SHA256
0b93a0b35d6a3f896b3031cc75ffd36beacc18b116f9dd7b2d2009222243e329

SHA512
ac6376ac9a523b83ff5669c531844b9232750f3d73d739fcc349b1f0bff39f6d4314359276bb3cd8a7026991d6d0a728bdbfcfe623c8874a1d5e719a331d0402

Download Submit