8a1ffe4ca982973752887b3b70aeab07909f2a24b4c4bb012f61d0a52ea1f91f

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
17/05/2024, 04:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e79b296bc6935477db5bcc168a98c53_JaffaCakes118.html
Size

36KB
MD5

4e79b296bc6935477db5bcc168a98c53
SHA1

9e1326a9d86785d093c24c5f47fa65b6ca96860c
SHA256

8a1ffe4ca982973752887b3b70aeab07909f2a24b4c4bb012f61d0a52ea1f91f
SHA512

2170b98dff05e058aeb8846dd292a4597f9a0db44b9e16c114cbedf6d3a851dd15874f1be98c31a031a0fa53b65472a17c68f123d31f4ea983d9bd9a0164e90c
SSDEEP

768:zwx/MDTHvX88hARiUZPXklE1XnXrFLxNLlDNoPqkPTHlnkM3Gr6ThZOg6f9U56lG:Q/KL4bJxNVNufSM/P8JK

Score

1^/10

Malware Config

Signatures

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4668	msedge.exe
4668	msedge.exe
2016	msedge.exe
2016	msedge.exe
4636	identity_helper.exe
4636	identity_helper.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe
2248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe
2016	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 2260	2016	msedge.exe	83
PID 2016 wrote to memory of 2260	2016	msedge.exe	83
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 5068	2016	msedge.exe	85
PID 2016 wrote to memory of 4668	2016	msedge.exe	86
PID 2016 wrote to memory of 4668	2016	msedge.exe	86
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87
PID 2016 wrote to memory of 1300	2016	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\4e79b296bc6935477db5bcc168a98c53_JaffaCakes118.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7fff54f946f8,0x7fff54f94708,0x7fff54f94718
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  PID:2188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5164 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1772,16193766621237258291,457556270899197063,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2700 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2248

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:64

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2daa93382bba07cbc40af372d30ec576

SHA1
c5e709dc3e2e4df2ff841fbde3e30170e7428a94

SHA256
1826d2a57b1938c148bf212a47d947ed1bfb26cfc55868931f843ee438117f30

SHA512
65635cb59c81548a9ef8fdb0942331e7f3cd0c30ce1d4dba48aed72dbb27b06511a55d2aeaadfadbbb4b7cb4b2e2772bbabba9603b3f7d9c8b9e4a7fbf3d6b6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ecdc2754d7d2ae862272153aa9b9ca6e

SHA1
c19bed1c6e1c998b9fa93298639ad7961339147d

SHA256
a13d791473f836edcab0e93451ce7b7182efbbc54261b2b5644d319e047a00a7

SHA512
cd4fb81317d540f8b15f1495a381bb6f0f129b8923a7c06e4b5cf777d2625c30304aee6cc68aa20479e08d84e5030b43fbe93e479602400334dfdd7297f702f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\96b36144-5374-4097-9220-76b4f78598cf.tmp

Filesize
6KB

MD5
230f8c156bb6c3a7cc8f223bc6e5f086

SHA1
8195dd0124aa02440c538e45c76ac13b136d8900

SHA256
8c34fccc78303ac4926b760ea56a0139f03f40bcbedf8e013cb7e4c7703d8e42

SHA512
6401b3c055348522690eb92df50b3f44cb359085409c35d3dae93a2bb55b430d6467fe81e379896e9243b2d98dc560f3ad859e818e03db9273b29babd444c594

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
613B

MD5
54b45ce37809ccbbf4b457b7248701a2

SHA1
6a7a345848a16da271778b1655955d562659b1c6

SHA256
7d86ece0c8c5895e5825103eda55d962a1b0ed97b42b2d1ffc1ffbac6bf0f632

SHA512
80ef0d023f49895c61fa068e3b330b981c208f2499b550ab5d6345a273d95605f80d4652ed27154f5b552c5bb51ac6a4f50c9ac519d3597b21efcc4862b683d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
024a75999cdc9f69f6bce00b632cfb63

SHA1
1d49a6a2b3fa7f86bbc2cd9936ed91a05e27fef4

SHA256
d6815cddd8114b0fe4ce1842ce53bc6c8b559ea31c44831eaa82193024be7292

SHA512
d7490b93fc6ecf146fac9725d8287bf6f8a67880cef4a7e820f968fa39ce21ef3ce9ba1c4000533a75dbbb570ca567e00438ac6b499630cd27e80839502829db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
abc34470781acb001236a813116a3087

SHA1
5ed618538265d8e9dcb6b9c2d9df92b48be494a5

SHA256
a678fc1dccade16409cc520c641cb57a14006954c1769567afb4250a0b3bd275

SHA512
9660643f5b7b4ffea8e147ced0f286dde27d50204f6b768a02d4d5f549fff61de593c38ca87c2c06ba0193e98ec55cb523fd0f1e71ac451490d176b83d87e912

Download Submit