dec88f6fc204952379daabda93b01539384499227030008f63968863ab86efbd

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 01:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4df3d8ce4ac583f5740fda2c67652a04_JaffaCakes118.html
Size

6KB
MD5

4df3d8ce4ac583f5740fda2c67652a04
SHA1

05856be736fd9fe279d0532ca351ce1e9b0a5cc9
SHA256

dec88f6fc204952379daabda93b01539384499227030008f63968863ab86efbd
SHA512

35862e43cf22e95b92de79fba5def28a02eaa069a1750508308d600a98f58fde8b8b4bdee8afa3cefc81084ccf4b87f655c1f61ba9e3a73a8469bb859e0c520c
SSDEEP

96:RTNVtkFsy9DZMnWJCRZPnex1y4B1BUMoEAxsm++w0yIFlVRYhsEdaJ4N/:rVtSpCRJnX4BLLBm+wycVRYhsEhR

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4528	msedge.exe
4528	msedge.exe
6100	msedge.exe
6100	msedge.exe
5748	identity_helper.exe
5748	identity_helper.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe
1712	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe
6100	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 6100 wrote to memory of 1136	6100	msedge.exe	82
PID 6100 wrote to memory of 1136	6100	msedge.exe	82
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 5136	6100	msedge.exe	83
PID 6100 wrote to memory of 4528	6100	msedge.exe	84
PID 6100 wrote to memory of 4528	6100	msedge.exe	84
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85
PID 6100 wrote to memory of 4968	6100	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4df3d8ce4ac583f5740fda2c67652a04_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:6100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff427246f8,0x7fff42724708,0x7fff42724718
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2568 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:2644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,4624546410773784009,4811645915282417624,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ae54e9db2e89f2c54da8cc0bfcbd26bd

SHA1
a88af6c673609ecbc51a1a60dfbc8577830d2b5d

SHA256
5009d3c953de63cfd14a7d911156c514e179ff07d2b94382d9caac6040cb72af

SHA512
e3b70e5eb7321b9deca6f6a17424a15b9fd5c4008bd3789bd01099fd13cb2f4a2f37fe4b920fb51c50517745b576c1f94df83efd1a7e75949551163985599998

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f53207a5ca2ef5c7e976cbb3cb26d870

SHA1
49a8cc44f53da77bb3dfb36fc7676ed54675db43

SHA256
19ab4e3c9da6d9cedda7461efdba9a2085e743513ab89f1dd0fd5a8f9486ad23

SHA512
be734c7e8afda19f445912aef0d78f9941add29baebd4a812bff27f10a1d78b52aeb11c551468c8644443c86e1a2a6b2e4aead3d7f81d39925e3c20406ac1499

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
178B

MD5
81b4ab89b012c6fdd249e364967a4a3c

SHA1
3a72bc3817e7394712dac612fde82c322d4e30af

SHA256
a7baf57bee3d533c950bf088a1660b0ca8a0b6e676bff2c816eabb19787e5994

SHA512
a29c1a32c84beb54a8b965f12f81d4e31b287f91cee3608847a00b85f784d6442eee328d72cc22409a7e047757f5b4b6f1f775ef9a22adf8e60f522a9740a346

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62ad1d1408294379d6d8e768d5071c1e

SHA1
5e5500b2cefc84ec51f0dda64e2be35578215bfb

SHA256
61fa67b0545e1f110b75e3ec5d49f1b2df6c6f72895c87ecb0d902c60aa75dce

SHA512
e27defe87685aeee95aae84137224b992a087b5c86b36a7ba5141128325f0b3fb24b57876c2ad73b66fb90b2fa636053c954837fdd94a11d0be1ee26cda4383d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
d98aedb220ba81dd9bcc67c825bad449

SHA1
04d9d315d49d6d4058cb4b17b43e3e3e577c5e3d

SHA256
dd6f35213361678e2af6b31fc8a2f0d8e56aa3fac842e4bff4c48e1d077cd406

SHA512
acd652d7272e26315d1db41ea208f9ce6b2c8104a2c86d99da2e2f2fe2cdd1bc07a4811874ac8498aa9a51b7e5d775d8a0ec0a9921a21b1c3f9c558bc041d2ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47fecfc0effa9f3432ea7400543e5149

SHA1
10d1018e97ffb0a97dc9ab2b738e3b6eb7a7dcd4

SHA256
4788e229071e5e90045d9032b78a31efc96f24b44a0e96bd7aa04b14eb9ce4ee

SHA512
ca3e2b2de463bebebda5c9323844f88a1f2578228dbee25e17f848d7ba92252852d74b38486ba9d478c7a08669a3d7e81acab1979f91687d38043eb06576fa3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a64b92665c9cde0742d1c7c942d93c4

SHA1
2d22700f5e6bcc53ff4d0b50dadf63746d0a1090

SHA256
951587acffade0c1d5dc63c3535bb967d516b456f5a9f6b69088e0d890b26bbe

SHA512
b8e8d4372b2fef1e952d8c394f335fe10a1ea00a4b7e7b9709662148de1ad973f6d75828077c6f20a7c3c14b485b8e7429c02ee57a1b4800a5df387583f526b3

Download Submit