a94467601b801596fbb6f6e84664a2161a53f83e8f7e9ce1efcc859fdb16eb34

Analysis

max time kernel
146s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
16/05/2024, 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ce9090e9b14d4ad70f35eb5c882c0af_JaffaCakes118.html
Size

36KB
MD5

4ce9090e9b14d4ad70f35eb5c882c0af
SHA1

399c1d7f2b6af2d5785b760bfc5fab9d7d32ee04
SHA256

a94467601b801596fbb6f6e84664a2161a53f83e8f7e9ce1efcc859fdb16eb34
SHA512

8d6c384377a235dd614c977b3c417c89d2058b73426a5630b79a7c7bd449588dddf5cff601a10e1d3f28175be102ff4930e611cae914be7787c7394e7e11751e
SSDEEP

768:zwx/MDTH3P88hARxZPX8E1XnXrFLxNLlDNoPqkPTHlnkM3Gr6TUZOD6lrw6lLRcu:Q/PbJxNVru0S9/S8bK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3804	msedge.exe
3804	msedge.exe
3368	msedge.exe
3368	msedge.exe
4412	identity_helper.exe
4412	identity_helper.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe
3716	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe
3368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 3008	3368	msedge.exe	83
PID 3368 wrote to memory of 3008	3368	msedge.exe	83
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 1876	3368	msedge.exe	85
PID 3368 wrote to memory of 3804	3368	msedge.exe	86
PID 3368 wrote to memory of 3804	3368	msedge.exe	86
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87
PID 3368 wrote to memory of 4640	3368	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4ce9090e9b14d4ad70f35eb5c882c0af_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9584f46f8,0x7ff9584f4708,0x7ff9584f4718
  2⤵
  PID:3008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5464 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,781285128848323900,6774447042952977357,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1428

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
614B

MD5
678a22a092eb22561e51bddd2803c501

SHA1
dca2942de5a09f88ac418dccb03d911cf90c02b6

SHA256
b55954ff913060085befa8a0868369d916014976ae7c8d5f9a7d0bee06955d73

SHA512
94cf81b4242c9f2f5b22b8b74dbdf958ef0afadc0b301f3609e6d276d5091c44dd76aad49dbdb8794d10b2971fcdefe3e7a79f291af873d8aabb430ed4ac68a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bc2c323ddce02f53b4751f6c086ea22

SHA1
c869391ffb0e9642dd61a6859b4946c24c56340a

SHA256
3d10bbe084aa69ab14afddd5030fc47f60e66876ff71ca813d55ac60a3addae7

SHA512
0f0f3b3756f9a98fcdc0ee61fdfbce5dc69af02d575ca22b7498c4f0b2ed1e60527720bd0b0728c6f85073c2e8787494c4712f128b2f87b3df21ef0913bea444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6ecfd19ebc3c60587cb1be44ba325cee

SHA1
6ce15d0905dc38dd95ceaedefeb4ad39dc8f60d8

SHA256
906d5a09ac459d8d23fe46de071e84e78815727dc8b12b58bdf5dab64cc47099

SHA512
d197cd6855b82784df986e3d27af33ab0b5a9a6a40b5a57589bea457d84598c450b8fe15e70843f257e676befb4675190ba37ba056f75e9ed72387bfbfa76760

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f3f0f64510f96873a6be7f9383bea4e0

SHA1
4a6d986402a0faa045c27fb843851ab032485812

SHA256
745a3e60374a904fe01394de1587e64b2b40dd074b836f5bddbcff235a6a82e9

SHA512
577c959957015dcd82a2c034c50b4882bf424697a9acc07cab658527274d5da12a14b9845b84698c67dd01e4ccaf15e13a80f9647426223518ccc8c65e994b1f

Download Submit