80fa1fbbe9e52b608d9200f8d0c5eaad83b34b48d4700bb72761b80c9e359478

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 07:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49f0321a8989934fd9a02b427bb7461d_JaffaCakes118.html
Size

37KB
MD5

49f0321a8989934fd9a02b427bb7461d
SHA1

d6e6287fa771a505054ffa6b93847690275f25ae
SHA256

80fa1fbbe9e52b608d9200f8d0c5eaad83b34b48d4700bb72761b80c9e359478
SHA512

c7183194d55cf7b41f332063ba143f4c7279956b76951b60024838ab5c2dc96058ad7fa190ded8d22634dafac9db107d8f9e2066cf04db3fa940e4476b4d8a54
SSDEEP

768:FL3pmAs6LiypowQBa9cPSBeyM1ru1rG1MpqO1rq1rW1+:N3pmAnityQr6riMtrGry+

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3168	msedge.exe
3168	msedge.exe
600	msedge.exe
600	msedge.exe
1404	identity_helper.exe
1404	identity_helper.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe
2648	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe
600	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 600 wrote to memory of 5048	600	msedge.exe	82
PID 600 wrote to memory of 5048	600	msedge.exe	82
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 2480	600	msedge.exe	83
PID 600 wrote to memory of 3168	600	msedge.exe	84
PID 600 wrote to memory of 3168	600	msedge.exe	84
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85
PID 600 wrote to memory of 1216	600	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\49f0321a8989934fd9a02b427bb7461d_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ace946f8,0x7ff8ace94708,0x7ff8ace94718
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:2480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
  2⤵
  PID:1576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,14166648165033012553,14179351479197979259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4936 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3968

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce4c898f8fc7601e2fbc252fdadb5115

SHA1
01bf06badc5da353e539c7c07527d30dccc55a91

SHA256
bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa

SHA512
80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4158365912175436289496136e7912c2

SHA1
813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59

SHA256
354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1

SHA512
74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d18cd77d57197ab5ca84787113fb17d1

SHA1
054a0e80e8da1cf0453e121126ba86ab6ef56bb4

SHA256
114996cdc0e4a191fa4ea4364db3bbe2f65ce108fc444cf7ce8061ddbd3bff36

SHA512
35f53164311b54a23faeb9d9fff80e5603140bb923bc2c2083ab1f57f529e5824900c3eb940c5229af9b520bfe2381c0c6e6422be93790abba0520ce48b6fbdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e20bac14169dcef1cdba8d23e3382bb9

SHA1
c09583e17c3f748f279e784a5eb2122fa5b24560

SHA256
63287e313b09dce406b20d74dd1db486fcf1e2160d6342cda41b86811097ab5e

SHA512
899c45fef518e654d09c7b3ed937daf875821a241f504777ea1c3c1112618b8a2a4b4fa686be0feac827b29c99063f606dc6f233ba8be341e1d1b837e21f549d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ced2d866b0f02401d125bf5f0a07b1f5

SHA1
8ff45475ccea9a5a929fe2e1fcb3f81e5cd90dff

SHA256
2364e4e4ce530a739c4c2a369ae2428f7a6676bbcdd44ba759070b7f0326cc05

SHA512
9f9d5a2dbc9288bd6eec23cece5da7b75c00aea6063c419c74096c3002a8c9e0a99353acf074c7d161558ef197b275590a401b5cf00cd5287b413fd255529818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cd6b8cfd018f0b9a070f6668502511da

SHA1
1e984d4ec932b52174068c66c717a478c8eb82a5

SHA256
e0cfb01c597885d789d2ad07b7116085b4e95e406ed38a005f71422c5882f7e1

SHA512
e210821e54b76e303abc15bbac730746f4a31e95c566b8d87389bae54b9bd1204469c28219bb31ff0acc85276044d5e91cf480607b800fbd7a6675df7d5f5b44

Download Submit